modelcontextprotocol
diff --git a/‎client/src/App.tsx‎
Lines changed: 0 additions & 16 deletions b/‎client/src/App.tsx‎
Lines changed: 0 additions & 16 deletions
diff --git a/‎client/src/components/AuthDebugger.tsx‎
Lines changed: 18 additions & 0 deletions b/‎client/src/components/AuthDebugger.tsx‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎client/src/components/OAuthFlowProgress.tsx‎
Lines changed: 39 additions & 6 deletions b/‎client/src/components/OAuthFlowProgress.tsx‎
Lines changed: 39 additions & 6 deletions
diff --git a/‎client/src/components/Sidebar.tsx‎
Lines changed: 1 addition & 35 deletions b/‎client/src/components/Sidebar.tsx‎
Lines changed: 1 addition & 35 deletions
@@ -34,7 +34,6 @@ import {
   useDraggablePane,
   useDraggableSidebar,
 } from "./lib/hooks/useDraggablePane";
-import { StdErrNotification } from "./lib/notificationTypes";
 
 import { Tabs, TabsContent, TabsList, TabsTrigger } from "@/components/ui/tabs";
 import { Button } from "@/components/ui/button";
@@ -106,9 +105,6 @@ const App = () => {
   >(getInitialTransportType);
   const [logLevel, setLogLevel] = useState<LoggingLevel>("debug");
   const [notifications, setNotifications] = useState<ServerNotification[]>([]);
-  const [stdErrNotifications, setStdErrNotifications] = useState<
-    StdErrNotification[]
-  >([]);
   const [roots, setRoots] = useState<Root[]>([]);
   const [env, setEnv] = useState<Record<string, string>>({});
 
@@ -224,12 +220,6 @@ const App = () => {
     onNotification: (notification) => {
       setNotifications((prev) => [...prev, notification as ServerNotification]);
     },
-    onStdErrNotification: (notification) => {
-      setStdErrNotifications((prev) => [
-        ...prev,
-        notification as StdErrNotification,
-      ]);
-    },
     onPendingRequest: (request, resolve, reject) => {
       setPendingSampleRequests((prev) => [
         ...prev,
@@ -757,10 +747,6 @@ const App = () => {
     setLogLevel(level);
   };
 
-  const clearStdErrNotifications = () => {
-    setStdErrNotifications([]);
-  };
-
   const AuthDebuggerWrapper = () => (
     <TabsContent value="auth">
       <AuthDebugger
@@ -829,11 +815,9 @@ const App = () => {
           setOauthScope={setOauthScope}
           onConnect={connectMcpServer}
           onDisconnect={disconnectMcpServer}
-          stdErrNotifications={stdErrNotifications}
           logLevel={logLevel}
           sendLogLevelRequest={sendLogLevelRequest}
           loggingSupported={!!serverCapabilities?.logging || false}
-          clearStdErrNotifications={clearStdErrNotifications}
         />
         <div
           onMouseDown={handleSidebarDragStart}
 
@@ -6,6 +6,7 @@ import { AuthDebuggerState, EMPTY_DEBUGGER_STATE } from "../lib/auth-types";
 import { OAuthFlowProgress } from "./OAuthFlowProgress";
 import { OAuthStateMachine } from "../lib/oauth-state-machine";
 import { SESSION_KEYS } from "../lib/constants";
+import { validateRedirectUrl } from "@/utils/urlValidation";
 
 export interface AuthDebuggerProps {
   serverUrl: string;
@@ -163,6 +164,23 @@ const AuthDebugger = ({
           currentState.oauthStep === "authorization_code" &&
           currentState.authorizationUrl
         ) {
+          // Validate the URL before redirecting
+          try {
+            validateRedirectUrl(currentState.authorizationUrl);
+          } catch (error) {
+            updateAuthState({
+              ...currentState,
+              isInitiatingAuth: false,
+              latestError:
+                error instanceof Error ? error : new Error(String(error)),
+              statusMessage: {
+                type: "error",
+                message: `Invalid authorization URL: ${error instanceof Error ? error.message : String(error)}`,
+              },
+            });
+            return;
+          }
+
           // Store the current auth state before redirecting
           sessionStorage.setItem(
             SESSION_KEYS.AUTH_DEBUGGER_STATE,
 
@@ -4,6 +4,8 @@ import { Button } from "./ui/button";
 import { DebugInspectorOAuthClientProvider } from "@/lib/auth";
 import { useEffect, useMemo, useState } from "react";
 import { OAuthClientInformation } from "@modelcontextprotocol/sdk/shared/auth.js";
+import { validateRedirectUrl } from "@/utils/urlValidation";
+import { useToast } from "@/lib/hooks/useToast";
 
 interface OAuthStepProps {
   label: string;
@@ -71,6 +73,7 @@ export const OAuthFlowProgress = ({
   updateAuthState,
   proceedToNextStep,
 }: OAuthFlowProgressProps) => {
+  const { toast } = useToast();
   const provider = useMemo(
     () => new DebugInspectorOAuthClientProvider(serverUrl),
     [serverUrl],
@@ -239,16 +242,32 @@ export const OAuthFlowProgress = ({
                 <p className="text-xs break-all">
                   {authState.authorizationUrl}
                 </p>
-                <a
-                  href={authState.authorizationUrl}
-                  target="_blank"
-                  rel="noopener noreferrer"
+                <button
+                  onClick={() => {
+                    try {
+                      validateRedirectUrl(authState.authorizationUrl!);
+                      window.open(
+                        authState.authorizationUrl!,
+                        "_blank",
+                        "noopener noreferrer",
+                      );
+                    } catch (error) {
+                      toast({
+                        title: "Invalid URL",
+                        description:
+                          error instanceof Error
+                            ? error.message
+                            : "The authorization URL is not valid",
+                        variant: "destructive",
+                      });
+                    }
+                  }}
                   className="flex items-center text-blue-500 hover:text-blue-700"
                   aria-label="Open authorization URL in new tab"
                   title="Open authorization URL"
                 >
                   <ExternalLink className="h-4 w-4" />
-                </a>
+                </button>
               </div>
               <p className="text-xs text-muted-foreground mt-2">
                 Click the link to authorize in your browser. After
@@ -354,7 +373,21 @@ export const OAuthFlowProgress = ({
           authState.authorizationUrl && (
             <Button
               variant="outline"
-              onClick={() => window.open(authState.authorizationUrl!, "_blank")}
+              onClick={() => {
+                try {
+                  validateRedirectUrl(authState.authorizationUrl!);
+                  window.open(authState.authorizationUrl!, "_blank");
+                } catch (error) {
+                  toast({
+                    title: "Invalid URL",
+                    description:
+                      error instanceof Error
+                        ? error.message
+                        : "The authorization URL is not valid",
+                    variant: "destructive",
+                  });
+                }
+              }}
             >
               Open in New Tab
             </Button>
 
@@ -24,7 +24,6 @@ import {
   SelectTrigger,
   SelectValue,
 } from "@/components/ui/select";
-import { StdErrNotification } from "@/lib/notificationTypes";
 import {
   LoggingLevel,
   LoggingLevelSchema,
@@ -62,8 +61,6 @@ interface SidebarProps {
   setOauthScope: (scope: string) => void;
   onConnect: () => void;
   onDisconnect: () => void;
-  stdErrNotifications: StdErrNotification[];
-  clearStdErrNotifications: () => void;
   logLevel: LoggingLevel;
   sendLogLevelRequest: (level: LoggingLevel) => void;
   loggingSupported: boolean;
@@ -93,8 +90,6 @@ const Sidebar = ({
   setOauthScope,
   onConnect,
   onDisconnect,
-  stdErrNotifications,
-  clearStdErrNotifications,
   logLevel,
   sendLogLevelRequest,
   loggingSupported,
@@ -268,6 +263,7 @@ const Sidebar = ({
                   placeholder="Command"
                   value={command}
                   onChange={(e) => setCommand(e.target.value)}
+                  onBlur={(e) => setCommand(e.target.value.trim())}
                   className="font-mono"
                 />
               </div>
@@ -760,36 +756,6 @@ const Sidebar = ({
                 </Select>
               </div>
             )}
-
-            {stdErrNotifications.length > 0 && (
-              <>
-                <div className="mt-4 border-t border-gray-200 pt-4">
-                  <div className="flex justify-between items-center">
-                    <h3 className="text-sm font-medium">
-                      Error output from MCP server
-                    </h3>
-                    <Button
-                      variant="outline"
-                      size="sm"
-                      onClick={clearStdErrNotifications}
-                      className="h-8 px-2"
-                    >
-                      Clear
-                    </Button>
-                  </div>
-                  <div className="mt-2 max-h-80 overflow-y-auto">
-                    {stdErrNotifications.map((notification, index) => (
-                      <div
-                        key={index}
-                        className="text-sm text-red-500 font-mono py-2 border-b border-gray-200 last:border-b-0"
-                      >
-                        {notification.params.content}
-                      </div>
-                    ))}
-                  </div>
-                </div>
-              </>
-            )}
           </div>
         </div>
       </div>