[BUG-10866] The SL URI implementation could use an update

[sl-service-account]

How would you like the feature to work?

For clarification I'm talking about the viewer URI name space as outlined here: http://wiki.secondlife.com/wiki/Viewer_URI_Name_Space

Gonna update this since all major viewers are on CEF now

Current issues:

• Currently all SL URIs are blocked from shared media. This breaks plenty of existing content as many HUDs rely on sending secondlife:/// commands to interact with SL without the need for a third party server.

• The Firestorm implementation allows all SLURLs through without filtering. This is a major security issue as prim media can mess with people by using javascript.

• There is a 5 sec limit to the SLURLs allowed from a site on Firestorm. This needs to be either removed or significantly reduced.

  Proposed fix:

• Once a URI is received from a browser (not chat link), show a permission popup with something like: "domain.com wants to run SL URIs on your viewer", [Accept Once, Whitelist, Block].

• Remove the 5 sec limit. It would be redundant and break potentially great features that come with valhalla.

  Why is this feature important to you? How would it benefit the community?

  Say I wanted to create a rhythm game once the project valhalla browser is added to the official viewer. Musical games in SL don't work well due to lag, sounds not loading in time, etc. But with HTML5 you can build the entire game to run on shared media. The actual game would then run clientside and communicate with SL by using the app/chat URI with javascript. This leads to a better experience for the user, and less resources needed by the simulator.

  Obviously we still don't have a method of communicating SL->browser by script, but I'll leave that for another JIRA.

Original Jira Fields

| Field | Value | | ------------- | ------------- | | Issue | BUG-10866 | | Summary | The SL URI implementation could use an update | | Type | New Feature Request | | Priority | Unset | | Status | Accepted | | Resolution | Accepted | | Reporter | Jasdac Stockholm (jasdac.stockholm) | | Assignee | Oz Linden (oz.linden) | | Created at | 2015-12-05T12:30:58Z | | Updated at | 2016-03-24T14:14:37Z | ``` { 'Business Unit': ['Platform'], 'Date of First Response': '2015-12-05T21:31:49.802-0600', 'How would you like the feature to work?': 'For clarification I\'m talking about the viewer URI name space as outlined here: http://wiki.secondlife.com/wiki/Viewer_URI_Name_Space\r\n\r\nCurrent issues:\r\n\r\n* Any website can force send a URI to a viewer through javascript. Example: window.location = \'secondlife:///app/agent/cf2625ff-b1e9-4478-8e6b-b954abde056b/mute\'; Would silently mute me for anyone who visited my page with SL running.\r\n* Won\'t that be detected though if you visit without SL running? Well you have the built in SL browser which contains headers. A server side script could check those headers and only include the malicious code whenever you open the site in the built in SL browser. And since the call is silent it would be near impossible for the average user to figure out why they are suddenly muting a bunch of people.\r\n* Currently there\'s a limit of one URI from a browser every 5 or so seconds. But just using a javascript timer you can still cause a lot of harm in the time someone visits a website. In fact, I\'d say the 5 second rule is more detrimental as it blocks a potentially awesome tool. Say I make a WebGL or 2d canvas game once project valhalla rolls out. I could then stick it on a HUD through shared media and have the website send commands through app/chat to make some really cool stuff.\r\n* Currently you have a popup whenever a second life TP link is received. That popup has a "don\'t show me this again" checkbox. If that is checked, you can also teleport an agent around freely when they visit your website.\r\n\r\nProposed fix:\r\n\r\n* Once a URI is received from a browser (not chat link), show a permission popup with something like: "domain.com wants to run SL URIs on your viewer", [Accept Once, Whitelist, Block].\r\n* Remove the 5 sec limit. It would be redundant and break potentially great features that come with valhalla.', 'ReOpened Count': 0.0, 'Severity': 'Unset', 'Target Viewer Version': 'viewer-development', 'Why is this feature important to you? How would it benefit the community?': "Say I wanted to create a rhythm game once the project valhalla browser is added to the official viewer. Musical games in SL don't work well due to lag, sounds not loading in time, etc. But with HTML5 you can build the entire game to run on shared media. The actual game would then run clientside and communicate with SL by using the app/chat URI with javascript. This leads to a better experience for the user, and less resources needed by the simulator.\r\n\r\nObviously we still don't have a method of communicating SL->browser by script, but I'll leave that for another JIRA.", } ```

[sl-service-account]

Kadah Coba commented at 2015-12-06T03:31:50Z, updated at 2015-12-06T04:22:27Z

There is a way around the throttle by using events, but on the Valhalla/CEF viewer, SLURLs are blocked completely it seems.

A SLurl was received from an untrusted browser and has been blocked for your security.

A simple example use of SLURLs on moap would be an interactive in-world map for a set of regions to allow the resident to TP to different parts easily.

Edit: Looks like TP/map SLURLs from 3rd party sites are fine on MOAP but chat ones are blocked.

[sl-service-account]

Swiftkill commented at 2015-12-09T22:00:46Z

waitm, no way to interact SL-> browser? WHat about HTTP requests and even IRC messaging from LSL, as well as objects in SL can have own HTTP "webpage"?

[sl-service-account]

Jasdac Stockholm commented at 2015-12-09T22:20:24Z

HTTP requests are very slow, you can do something with sockets but that would require a socket server. An implementation like llRaiseLinkMediaJSEvent(link, face, event, data) to let the client handle it would be optimal, but that's off topic.

[sl-service-account]

Jasdac Stockholm commented at 2015-12-18T14:51:35Z

It seems SLURLs are blocked from ANY shared media browser in the official viewer right now.

[sl-service-account]

Whirly Fizzle commented at 2015-12-18T23:48:26Z

Which SLURLs are blocked for you?

All the SLURLs that are marked as supported (in green) on https://callum-linden.s3.amazonaws.com/slappr.html are working for me on Second Life 4.0.0 (309247) Dec 16 2015 19:01:02 (Second Life Release)

Second Life 4.0.0 (309247) Dec 16 2015 19:01:02 (Second Life Release)
Release Notes

You are at 3.4, 106.6, 21.7 in Nuts Island located at sim9137.agni.lindenlab.com (216.82.42.73:13009)
SLURL: http://maps.secondlife.com/secondlife/Nuts%20Island/3/107/22
(global coordinates 256,003.0, 311,403.0, 21.7)
Second Life Server 15.12.01.308474
Retrieving...

CPU: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz (3491.93 MHz)
Memory: 16268 MB
OS Version: Microsoft Windows 7 64-bit Service Pack 1 (Build 7601)
Graphics Card Vendor: NVIDIA Corporation
Graphics Card: GeForce GTX 750/PCIe/SSE2

Windows Graphics Driver Version: 10.18.0013.5906
OpenGL Version: 4.5.0 NVIDIA 359.06

libcurl Version: libcurl/7.38.0 OpenSSL/1.0.1h zlib/1.2.8
J2C Decoder Version: KDU v7.2
Audio Driver Version: FMOD Ex 4.44.31
LLCEFLib/CEF Version: 1.5.1-(CEF-WIN-3.2526.1347-32)
Voice Server Version: Vivox 4.6.0017.21209

Built with MSVC version 1800
Packets Lost: 531/16,847 (3.2%)

[sl-service-account]

Kadah Coba commented at 2015-12-20T21:41:00Z

Whhirly, chat to non 0 channels, which is missing from slappr.

Navigate multiple does not appear to work as intended on that, SLURLa are being received as a normal, and single, click and don't trip the throttle as I think its supposed.

I've made a copy with with non-zero chat, you'll need something to recieve chat on channel 3 for testing, https://dl.dropboxusercontent.com/u/26299591/temp/test/slappr.html

[sl-service-account]

Whirly Fizzle commented at 2015-12-21T00:18:25Z

Chat to non 0 channels and chat to 0 channel are both blocked on pre-CEF viewers too. Tested on Second Life 3.8.7 (308556) Dec 2 2015 17:18:37 (Second Life Release)

[sl-service-account]

Kadah Coba commented at 2015-12-21T04:25:35Z

Non-zero is not blocked in Firestorm (any version, including CEF). That would be part of the request.

[sl-service-account]

Whirly Fizzle commented at 2015-12-21T04:32:40Z

OOh! Huh yeah. Non zero channel does work on Firestorm (tested on post-CEF merge). Zero channel is blocked.

[sl-service-account]

Kadah Coba commented at 2015-12-21T19:47:29Z

Yeah, that makes MOAP->SL communication much easier, far less latency, and more reliable than LSL HTTP-in.

[sl-service-account]

Jasdac Stockholm commented at 2016-03-18T14:41:17Z

Firestorm is now affected by this issue as well. I've updated the description to reflect it.

[sl-service-account]

Whirly Fizzle commented at 2016-03-24T12:53:23Z

Hmm I'm not seeing a change in Firestorm behaviour. Non-Zero channel chat is still working on FS CEF for me. https://gyazo.com/310a34cf8f046b1eab5b90d1aabb6c41

[sl-service-account]

Jasdac Stockholm commented at 2016-03-24T13:54:53Z

Have you tried on FS 4.7.7? Multiple customers have complained about not being able to use it, but I have not tested it myself. I'll install it and give it a test run later today.

[sl-service-account]

Whirly Fizzle commented at 2016-03-24T14:01:52Z

Yes, Firestorm 4.7.7 release & my own compile of FS tip. If you let me know what specific problems they are seeing I can test on FS & LL. Which of your products is affected? Do you have a demo?

[sl-service-account]

Jasdac Stockholm commented at 2016-03-24T14:14:02Z

I just tried with 4.7.7 and it works for me. I'll try to contact the customers that were affected and ask for more info.