Message of the Day URL function can expose players to adult content, malware, etc

Tharatan shared this bug 2 years ago

The new <MessageOfTheDayURL> function that can be set on dedicated servers will open the Steam browser to the specified URL without player input when they join a game. Server administrators can set this URL to direct to inappropriate content, malware, etc. without the player being able to prevent this from opening.

As KSWH cannot realistically expect to be able to filter web addresses to police the content that the <MessageOfTheDayURL> could be used to link to, I strongly suggest that either the function be disabled and the text-only basic Message of the Day function remain, or that a pop-up showing the web URL with a "do you wish to proceed to this site?" be generated to get a user's explicit consent before directing them to the site.

Comments (1)


Hello, Engineer!

Thank you for your feedback! Your topic has been added between considered issues.Please keep voting for the issue as it will help us to identify the most serious bugs.

We really appreciate your patience.

Kind Regards

Keen Software House: QA Department