[v1.x] fix: prevent command injection in example URL opening by maxisbey · Pull Request #2085 · modelcontextprotocol/python-sdk
Backport of #2082 to v1.x. Replace platform-specific subprocess calls with webbrowser.open() and add URL scheme validation (http/https allowlist) to block dangerous protocol handlers in the URL elicitation example client.
maxisbey
deleted the
fix/example-command-injection-v1x
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters