Starystars67
commented
2 years ago An interesting idea, Not how this could be done securely really. Will go and do some thinking.
Open lionkor opened 2 years ago
Starystars67
commented
2 years ago An interesting idea, Not how this could be done securely really. Will go and do some thinking.
lionkor
commented
2 years ago There is no reason to consider security here - the assumption must be that a server you already joined has no malicious intent. I'd suggest escaping any html + backslashes for all messages that aren't server messages. I don't see a reason why the server should be restricted in sending links in chat.
Starystars67
commented
2 years ago The issue is that how does a client know reliably that any given message it received is from the server or a client? The only way I can see that being done is to put trust into the server to handle all escaping and sanitisation and then let the client trust all received messages. To do this though it would be work on the server side rather than client.
lionkor
commented
2 years ago Sorry, I failed to clarify: The server will always be called "Server" in the sender :) You can tell by that.
Starystars67
commented
2 years ago Could a Client not have a username of Server and as such defeat this?
lionkor
commented
2 years ago If this is possible, the backend needs to promptly(!) address it, since it's already a convention that the sender of server messages is called "Server" :o
Starystars67
commented
1 year ago Not sure why this was never answered, sorry about that. No the name Server cannot be taken, not can any variants of it. So that is that concern squashed.
Clickable links should be possible in theory however the game appears to be blocking them at this time. I have asked for a new function to be added to the new launcher to facilitate the opening of links.
OfficialLambdax
commented
1 year ago Are we talking about letting links in messages bypass the game own blocker? The game has a whitelist of servers. you can for example open links to the forum, but not for example to a discord. And i think thats good, while inconvenient, it protects the players from links that sends them to bad things. If we bypass it we could see ip grabbers, exploits, scare content and what not. If we really want this, then please also with a whitelist of web servers.
Starystars67
commented
1 year ago I agree that this does raise those kinds of concerns. This topic was discussed in voice chat and those kinds of concerns were raised. The response to this was that if the player is concerned by what a server is sending in a chat message then the concern should also be valid for joining the server in the first place.
When looking at it from this prospective then it is a good argument point. As such though I do not see ANY issue with the implementation it does of course maintain a level of concern. An appropriate way to handle this I think would be to have it configured whereby when you click on a link in the chat it checks if it is whitelisted, if it is then it just opens the link. If it is not then a window pops up stating that the link is taking you to an unknown site which could pose a risk to your system. Proceed only if you trust the link / website.
Is your feature request related to a problem? Please describe. Currently, if I want to invite people to a server's discord in a SendChatMessage, the links aren't clickable.
Describe the solution you'd like Links sent by the server should be clickable in chat.
Describe alternatives you've considered All links could be clickable, but that's asking for trouble.