DEV-15182 VWR-5474 SEC-20: re-enabled support for clicking on the
following SLAPP URL types in an untrusted browser: secondlife:///app/agent/... secondlife:///app/group/... secondlife:///app/parcel/... In order to find a compromise between supporting these commands and security concerns over potential griefing vectors, we use a throttling solution when these commands are issued by untrusted web browsers. That is, we only process one command per 15 seconds. This applies to external browsers, like Firefox, as well as the internal SL browser. Notably, we continue to block secondlife:///app/teleport URLs. Reviewed by james.
Showing
- indra/newview/llchatbar.cpp 1 addition, 1 deletionindra/newview/llchatbar.cpp
- indra/newview/llcommandhandler.cpp 39 additions, 12 deletionsindra/newview/llcommandhandler.cpp
- indra/newview/llcommandhandler.h 9 additions, 2 deletionsindra/newview/llcommandhandler.h
- indra/newview/llfloaterhandler.h 1 addition, 1 deletionindra/newview/llfloaterhandler.h
- indra/newview/llfloaterparcel.cpp 1 addition, 1 deletionindra/newview/llfloaterparcel.cpp
- indra/newview/llgroupactions.cpp 1 addition, 1 deletionindra/newview/llgroupactions.cpp
- indra/newview/llloginhandler.h 1 addition, 1 deletionindra/newview/llloginhandler.h
- indra/newview/llmediactrl.cpp 1 addition, 8 deletionsindra/newview/llmediactrl.cpp
- indra/newview/llnearbychatbar.cpp 1 addition, 1 deletionindra/newview/llnearbychatbar.cpp
- indra/newview/llpanelclassified.cpp 1 addition, 1 deletionindra/newview/llpanelclassified.cpp
- indra/newview/llpanellogin.cpp 1 addition, 1 deletionindra/newview/llpanellogin.cpp
- indra/newview/llpanelprofile.cpp 1 addition, 1 deletionindra/newview/llpanelprofile.cpp
- indra/newview/llstatusbar.cpp 1 addition, 1 deletionindra/newview/llstatusbar.cpp
- indra/newview/llurldispatcher.cpp 1 addition, 1 deletionindra/newview/llurldispatcher.cpp
- indra/newview/skins/default/xui/en/notifications.xml 0 additions, 8 deletionsindra/newview/skins/default/xui/en/notifications.xml
Loading
Please register or sign in to comment