Opening external web link security concern
Surge Allen
If you open a weblink in the browser based viewer, it tries to open it in the internal viewer browser "use the default system browser for all links" and "enable java script" is enabled.
That seems like a security risk as the internal browser is far out of date and lacks modern security, especially with java enable. Best would be to change to external browser by default or disable the internal browser completely
Log In
Beatrice Voxel
Several TPV's (Alchemy among them) have a setting for limiting the viewer's browser to LL-owned domains only. It does NOT so constrain media-as-texture uses though. This is a step in the right direction, as LL-operated domains can be vetted and policed by LL staff.
But it doesn't solve the underlying problem of a viewer being so out of date that it still (ugh) recognizes and renders javascript if enabled, and also has no means to differentiate between LL-operated and external sites.
Surge Allen
Beatrice Voxel seeing "java enabled" , already gave me chills. Thats why I opened this concern. I could imagine bad actors exploring this
Beatrice Voxel
Surge Allen I know, right? Java's been deprecated for HOW long now?