Facepunch / sbox-issues

175 stars 12 forks source link

Add a way to open stuff in steam browser #982

Closed matekdev closed 2 months ago

matekdev commented 3 years ago

What can't you do?

I want to be able to open stuff in the Steam browser.

How would you like it to work?

Probably could be based on href, or some hookup through code.

What have you tried?

This doesn't seem to exist.

Additional context

It could be that we want to stick with the GMOD way of doing this, i.e show a prompt with the URL inside, the user themselves has to copy and paste to open it.

garrynewman commented 3 years ago

Why do you want to do this?

matekdev commented 3 years ago
  1. Perform actions such as opening a steam profile through the leaderboards (similar to DOTA/CSGO)
  2. Whatever other types of uses cases, I can think of linking to GitHub pages, steam groups, game mode changelogs, etc.
braddotwav commented 3 years ago

Although I love this idea as It would help in many ways. if it gets implemented further down the line I could see it being used in a malicious way if there are no restrictions. I once had a gmod addon that whenever I would boot into a game it would ask me to login to my google account. assumingly phishing & I had no idea what mod it was coming from.

for change logs though I feel s&box could add something like that in natively, perhaps next to the play button for example.

Rohansi commented 3 years ago

The phishing potential is really significant with this. Possibly some confirmation before opening an external/unknown site would be necessary.

robotboy655 commented 3 years ago

If we add this, it must be only http(s) and with a prompt.

garrynewman commented 3 years ago

I don't see any harm in letting people open specific things like profiles

handsomematt commented 3 years ago

I don't see any harm in letting people open specific things like profiles

XSS on profiles (and the rest of Steam) has happened a ridiculous amount of times. Obviously it wouldn't be FPs fault but something to consider still.

garrynewman commented 3 years ago

If you're just passing a steamid of the person's profile to open though, I can't imagine how that could be exploited?

handsomematt commented 3 years ago

If you're just passing a steamid of the person's profile to open though, I can't imagine how that could be exploited?

I'd imagine that'd be fine, main issues in the past for Steam pages have generally been query params in their urls

robotboy655 commented 3 years ago

I do believe you could also run javascript:// urls to do some exploiting in the past, not sure if Valve took that away or not.

garrynewman commented 3 years ago

Yeah we won't let them open any old URL

JamDoggie commented 2 years ago

Bump, this would be very nice for tab menus.

yuberee commented 1 year ago

This would be useful for discord invite links, artist credits, organization websites, and more.

handsomematt commented 1 year ago

I'd rather we added a way to add links to your game's page instead, like linking socials anywhere else. I think Discord invites on game pages would get a huge use and let you build up big communities around your games.

PolSpock commented 1 year ago

+1

For example, i would like to add a "Buy me a Coffee" button, but currently, i have 2 solutions :

1) Open the link through WebPanel and WebSurface.Url and invite the client to complete the transaction in the WebPanel. For me, it looks weird to complete the transaction directly in the WebPanel from S&box.

Click here to see weird transaction through `WebSurface` in S&box ![webpanel](https://github.com/sboxgame/issues/assets/5229571/73816ceb-b5be-42fb-a395-32deaea1b16d)

2) So i have another solution: create a "copy to clipboard" button and ask for the client to open his browser and paste the copied URL. But the client experience won't be smooth.

So it will be cool to open the Steam Browser like any Steam game

Click here to see CS2 picture payment ![steampanel](https://github.com/sboxgame/issues/assets/5229571/119445e3-1bc6-4404-bcdc-03b99228083a)

OR be able to use some steam:// protocols like :

steam://openurl/<url>
steam://openurl_external/<url> Opens URL in the system's default web browser.
DrakeFruit commented 1 year ago

being able to open links in the default browser would be better

JamDoggie commented 1 year ago

I think the utility of something like this would be especially useful for something like opening a player's steam profile when you click on them in the tab menu. Being able to show the user something in the steam shift+tab menu is nicer sometimes for certain things than opening their browser (especially if the user is in fullscreen)

MrBrax commented 1 year ago

there would have to be some severe rate limiting and warning popups for the links you'd be able to open

DrakeFruit commented 8 months ago

I think this issue can be closed considering web panels exist now

matekdev commented 8 months ago

Not really, this issue is in regards to opening in the steam browser. If game exporting is going to be a thing, the case for this existing only in game exporting mode would be useful as well.

DrakeFruit commented 7 months ago

Web panels are literally just the steam browser

CarsonKompon commented 6 months ago

+1 Having to create a button to copy a link is quite unintuitive image

Rohansi commented 6 months ago

Web panels should never ever be used for anything that requires signing in. Anybody can make a website which looks like Steam/GitHub/etc but actually sends your password/2FA to them. Opening in a real browser outside of the game allows you to see the URL of the page to confirm that it's not some phishing site.

PolSpock commented 2 months ago

hi Garry, why are you closing this issue? I think the situation hasn’t been resolved yet. How can we establish a secure connection directly in-game? The Steam web browser gives us the confidence that we're on the correct website.

For example, if i want to complete a transaction, how can I ensure it’s secure? Or do you have any plans for creator monetization that you haven’t announced yet?

garrynewman commented 2 months ago

This is all way too prone to exploit, I can't think of an unexploitable way to let your users log in and pay for stuff from your website.

Yes we will have ways for you to monetize.

MrBrax commented 2 months ago

What about specific stuff like discord servers or communities? A lot of developers have used "copy to clipboard" for links

Retroeer commented 2 months ago

Couldn't a solution to this be to show a pop-up if a game attempts to open a link and tell the user "you're about to leave to [insert website here]" and then a confirm or deny? I believe Steam does this, and Discord. This seems like a useful enough feature, would be a shame to not have it, the alternative is forcing the user to copy text and paste it in their browser

matekdev commented 2 months ago

Understandable since a lot of this could be abused. At least standalone can disable it when necessary.

Wow... 2021 issue!

robotboy655 commented 2 months ago

For socials, ability to add links to social websites can be added to the gamemode's properties on the backend (with domain whitelist) which can then shown/clickable in-game, in the menus. You do not need to have the ability to programmatically open arbitrary links for this.

robotboy655 commented 2 months ago

I saw a mention of Steam Profiles, if this is not already possible, a special API function can be added for that I am sure, and it would take a 64bit SteamID.