Message of the Day URL function can expose players to adult content, malware, etc

Tharatan shared this bug 5 years ago
Reported

The new <MessageOfTheDayURL> function that can be set on dedicated servers will open the Steam browser to the specified URL without player input when they join a game. Server administrators can set this URL to direct to inappropriate content, malware, etc. without the player being able to prevent this from opening.


As KSWH cannot realistically expect to be able to filter web addresses to police the content that the <MessageOfTheDayURL> could be used to link to, I strongly suggest that either the function be disabled and the text-only basic Message of the Day function remain, or that a pop-up showing the web URL with a "do you wish to proceed to this site?" be generated to get a user's explicit consent before directing them to the site.

Replies (4)

photo
1

Hello, Engineer!


Thank you for your feedback! Your topic has been added between considered issues.Please keep voting for the issue as it will help us to identify the most serious bugs.


We really appreciate your patience.


Kind Regards

Keen Software House: QA Department

photo
1

i vote that the Do you wish to proceed to site popup option be the one chosen as i can think of a few god server uses for such a feature such as a live updating territory map for a factions server

photo
1

Hello, Engineers!

Thank you for taking the time to report this. As this has been commented on recently, this has been brought to our attention and reported internally.

Kind Regards

Laura, QA Department

photo
1

Hello, Engineers!

Is it possible someone could share a server that uses the URL function? I can't seem to find one that does currently.

Kind Regards

Laura, QA Department

photo
1

Hi Laura,

I have it disabled but I can open mine up to it. It essentially opens a steam browser window and instantly loads the page each time players join. Due to the repetitive nature we have ours turned off - but I agree with the original post that this could easily be abused or be unsafe.

Thanks!

photo
Leave a Comment
 
Attach a file