diff --git a/samples/ProtectedMcpClient/Program.cs b/samples/ProtectedMcpClient/Program.cs
index 9dc2410ea..042d47713 100644
--- a/samples/ProtectedMcpClient/Program.cs
+++ b/samples/ProtectedMcpClient/Program.cs
@@ -134,6 +134,13 @@
 /// The URL to open.
 static void OpenBrowser(Uri url)
 {
+ // Validate the URI scheme - only allow safe protocols
+ if (url.Scheme != Uri.UriSchemeHttp && url.Scheme != Uri.UriSchemeHttps)
+ {
+ Console.WriteLine($"Error: Only HTTP and HTTPS URLs are allowed.");
+ return;
+ }
+
 try
 {
 var psi = new ProcessStartInfo
@@ -145,7 +152,7 @@ static void OpenBrowser(Uri url)
 }
 catch (Exception ex)
 {
- Console.WriteLine($"Error opening browser. {ex.Message}");
+ Console.WriteLine($"Error opening browser: {ex.Message}");
 Console.WriteLine($"Please manually open this URL: {url}");
 }
 }
\ No newline at end of file
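Review bot: The new scheme check in `OpenBrowser` sits before the `try`, and `Uri.Scheme` throws `InvalidOperationException` on a relative `Uri`, so a non-absolute authorization URL would bypass the existing handler and surface as an unhandled exception instead of a clean rejection. Guarding with `if (!url.IsAbsoluteUri || (url.Scheme != Uri.UriSchemeHttp && url.Scheme != Uri.UriSchemeHttps))` keeps the allow-list fail-closed for that case too. The comment would be more useful if it stated the reason, e.g. `// The URL comes from the authorization server and is handed to the OS to open; reject anything but http/https so it cannot trigger other protocol handlers.` (the `ProcessStartInfo` settings are outside this hunk, so confirm that this matches how the URL is launched). The rejection message is an interpolated string with no placeholders, so the `$` can be dropped.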