Closed matekdev closed 2 months ago
Why do you want to do this?
Although I love this idea as It would help in many ways. if it gets implemented further down the line I could see it being used in a malicious way if there are no restrictions. I once had a gmod addon that whenever I would boot into a game it would ask me to login to my google account. assumingly phishing & I had no idea what mod it was coming from.
for change logs though I feel s&box could add something like that in natively, perhaps next to the play button for example.
The phishing potential is really significant with this. Possibly some confirmation before opening an external/unknown site would be necessary.
If we add this, it must be only http(s) and with a prompt.
I don't see any harm in letting people open specific things like profiles
I don't see any harm in letting people open specific things like profiles
XSS on profiles (and the rest of Steam) has happened a ridiculous amount of times. Obviously it wouldn't be FPs fault but something to consider still.
If you're just passing a steamid of the person's profile to open though, I can't imagine how that could be exploited?
If you're just passing a steamid of the person's profile to open though, I can't imagine how that could be exploited?
I'd imagine that'd be fine, main issues in the past for Steam pages have generally been query params in their urls
I do believe you could also run javascript://
urls to do some exploiting in the past, not sure if Valve took that away or not.
Yeah we won't let them open any old URL
Bump, this would be very nice for tab menus.
This would be useful for discord invite links, artist credits, organization websites, and more.
I'd rather we added a way to add links to your game's page instead, like linking socials anywhere else. I think Discord invites on game pages would get a huge use and let you build up big communities around your games.
+1
For example, i would like to add a "Buy me a Coffee" button, but currently, i have 2 solutions :
1) Open the link through WebPanel
and WebSurface.Url
and invite the client to complete the transaction in the WebPanel. For me, it looks weird to complete the transaction directly in the WebPanel from S&box.
2) So i have another solution: create a "copy to clipboard" button and ask for the client to open his browser and paste the copied URL. But the client experience won't be smooth.
So it will be cool to open the Steam Browser like any Steam game
OR be able to use some steam://
protocols like :
steam://openurl/<url>
steam://openurl_external/<url> Opens URL in the system's default web browser.
being able to open links in the default browser would be better
I think the utility of something like this would be especially useful for something like opening a player's steam profile when you click on them in the tab menu. Being able to show the user something in the steam shift+tab menu is nicer sometimes for certain things than opening their browser (especially if the user is in fullscreen)
there would have to be some severe rate limiting and warning popups for the links you'd be able to open
I think this issue can be closed considering web panels exist now
Not really, this issue is in regards to opening in the steam browser. If game exporting is going to be a thing, the case for this existing only in game exporting mode would be useful as well.
Web panels are literally just the steam browser
+1 Having to create a button to copy a link is quite unintuitive
Web panels should never ever be used for anything that requires signing in. Anybody can make a website which looks like Steam/GitHub/etc but actually sends your password/2FA to them. Opening in a real browser outside of the game allows you to see the URL of the page to confirm that it's not some phishing site.
hi Garry, why are you closing this issue? I think the situation hasn’t been resolved yet. How can we establish a secure connection directly in-game? The Steam web browser gives us the confidence that we're on the correct website.
For example, if i want to complete a transaction, how can I ensure it’s secure? Or do you have any plans for creator monetization that you haven’t announced yet?
This is all way too prone to exploit, I can't think of an unexploitable way to let your users log in and pay for stuff from your website.
Yes we will have ways for you to monetize.
What about specific stuff like discord servers or communities? A lot of developers have used "copy to clipboard" for links
Couldn't a solution to this be to show a pop-up if a game attempts to open a link and tell the user "you're about to leave to [insert website here]" and then a confirm or deny? I believe Steam does this, and Discord. This seems like a useful enough feature, would be a shame to not have it, the alternative is forcing the user to copy text and paste it in their browser
Understandable since a lot of this could be abused. At least standalone can disable it when necessary.
Wow... 2021 issue!
For socials, ability to add links to social websites can be added to the gamemode's properties on the backend (with domain whitelist) which can then shown/clickable in-game, in the menus. You do not need to have the ability to programmatically open arbitrary links for this.
I saw a mention of Steam Profiles, if this is not already possible, a special API function can be added for that I am sure, and it would take a 64bit SteamID.
What can't you do?
I want to be able to open stuff in the Steam browser.
How would you like it to work?
Probably could be based on
href
, or some hookup through code.What have you tried?
This doesn't seem to exist.
Additional context
It could be that we want to stick with the GMOD way of doing this, i.e show a prompt with the URL inside, the user themselves has to copy and paste to open it.