jshackles
commented
6 years ago The way this currently works on the back end is that Enhanced Steam receives a dump of the economy tables (marketable items) and the items flagged as profile backgrounds are made available for users to choose from the available dropdown menu. These links are then reconstructed client-side when a user visits your profile and are appended to the CDN url in an effort to save space and to prevent the wrong image from displaying from the wrong host domain.
Giving users the ability to set custom URLs presents a few interesting and perhaps insurmountable challenges:
a) currently the database contains a few thousand URL stubs (rather than full URLS) whose index has been linked to over 500,000 users who have set custom profile backgrounds. If each user is allowed to set their own custom URL, this presents a data storage challenge if half a million users decide to use a really long URL as those will all need to be stored in the Enhanced Steam database.
b) implementing this feature would introduce an attack vector if someone set their custom background URL to a malicious file with a common image extension. The best we could hope to accomplish would be to verify that the URL ends in .jpg, .gif, .png, etc but these files could be compromised with malware. Then when the victim visits the infected profile they could be compromised.
c) users would be free to select offensive, inappropriate, pornographic, or illegal images which would introduce the need for these custom urls to be monitored and moderated. I am currently working three jobs and don't have time to babysit everyone. Absent moderation, this could open the project up to potential legal liabilities.
Unfortunately without a lot more resources and manpower that implementing this feature would cost, it simply isn't feasible.
I analyzed the source code the api calls, urls can be stored in the profile database but they are broken because they are added at the end to cdn... url.