DEV-15182 VWR-5474 SEC-20: re-enabled support for clicking on the

following SLAPP URL types in an untrusted browser: secondlife:///app/agent/... secondlife:///app/group/... secondlife:///app/parcel/... In order to find a compromise between supporting these commands and security concerns over potential griefing vectors, we use a throttling solution when these commands are issued by untrusted web browsers. That is, we only process one command per 15 seconds. This applies to external browsers, like Firefox, as well as the internal SL browser. Notably, we continue to block secondlife:///app/teleport URLs. Reviewed by james.
author: Martin Reddy <lynx@lindenlab.com> 2009-09-14 17:09:45 +0000
committer: Martin Reddy <lynx@lindenlab.com> 2009-09-14 17:09:45 +0000
commit: cb926640b72afc5f4cad3919222acaefdd090c92 (patch)
tree: 18e9a3dbf2cde4b310513bf4c970eeb8cf2fa5ea /indra/newview/llmediactrl.cpp
parent: 5f4764c785becf7344f48b02afd764a37b820d4c (diff)
1 files changed, 1 insertions, 8 deletions
diff --git a/indra/newview/llmediactrl.cpp b/indra/newview/llmediactrl.cpp
index 62b38f2b4a..09a7edaa43 100644
--- a/indra/newview/llmediactrl.cpp
+++ b/indra/newview/llmediactrl.cpp
@@ -916,15 +916,8 @@ void LLMediaCtrl::onClickLinkHref( LLPluginClassMedia* self )
 // 
 void LLMediaCtrl::onClickLinkNoFollow( LLPluginClassMedia* self )
 {
+	// let the dispatcher handle blocking/throttling of SLURLs
 	std::string url = self->getClickURL();
-	if (LLSLURL::isSLURLCommand(url)
-		&& !mTrusted)
-	{
-		// block handling of this secondlife:///app/ URL
-		LLNotifications::instance().add("UnableToOpenCommandURL");
-		return;
-	}
-
 	LLURLDispatcher::dispatch(url, this, mTrusted);
 }
author	Martin Reddy <lynx@lindenlab.com>	2009-09-14 17:09:45 +0000
committer	Martin Reddy <lynx@lindenlab.com>	2009-09-14 17:09:45 +0000
commit	cb926640b72afc5f4cad3919222acaefdd090c92 (patch)
tree	18e9a3dbf2cde4b310513bf4c970eeb8cf2fa5ea /indra/newview/llmediactrl.cpp
parent	5f4764c785becf7344f48b02afd764a37b820d4c (diff)