From 67bbfc00e0cf6c7dea75c2996af4576ae5fb25a2 Mon Sep 17 00:00:00 2001
From: Max Isbey <224885523+maxisbey@users.noreply.github.com>
Date: Wed, 18 Feb 2026 15:40:08 +0000
Subject: [PATCH 1/2] fix: prevent command injection in example URL opening

Backport of #2082 to v1.x.

Replace platform-specific subprocess calls with webbrowser.open() and add
URL scheme validation (http/https allowlist) to block dangerous protocol
handlers in the URL elicitation example client.
---
 .../clients/url_elicitation_client.py         | 38 +++++++++----------
 1 file changed, 18 insertions(+), 20 deletions(-)

diff --git a/examples/snippets/clients/url_elicitation_client.py b/examples/snippets/clients/url_elicitation_client.py
index 56457512c..a370b8ff0 100644
--- a/examples/snippets/clients/url_elicitation_client.py
+++ b/examples/snippets/clients/url_elicitation_client.py
@@ -24,8 +24,6 @@
 
 import asyncio
 import json
-import subprocess
-import sys
 import webbrowser
 from typing import Any
 from urllib.parse import urlparse
@@ -56,15 +54,19 @@ async def handle_elicitation(
         )
 
 
+ALLOWED_SCHEMES = {"http", "https"}
+
+
 async def handle_url_elicitation(
     params: types.ElicitRequestParams,
 ) -> types.ElicitResult:
     """Handle URL mode elicitation - show security warning and optionally open browser.
 
     This function demonstrates the security-conscious approach to URL elicitation:
-    1. Display the full URL and domain for user inspection
-    2. Show the server's reason for requesting this interaction
-    3. Require explicit user consent before opening any URL
+    1. Validate the URL scheme before prompting the user
+    2. Display the full URL and domain for user inspection
+    3. Show the server's reason for requesting this interaction
+    4. Require explicit user consent before opening any URL
     """
     # Extract URL parameters - these are available on URL mode requests
     url = getattr(params, "url", None)
@@ -75,6 +77,12 @@ async def handle_url_elicitation(
         print("Error: No URL provided in elicitation request")
         return types.ElicitResult(action="cancel")
 
+    # Reject dangerous URL schemes before prompting the user
+    parsed = urlparse(str(url))
+    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
+        print(f"\nRejecting URL with disallowed scheme '{parsed.scheme}': {url}")
+        return types.ElicitResult(action="decline")
+
     # Extract domain for security display
     domain = extract_domain(url)
 
@@ -105,7 +113,11 @@ async def handle_url_elicitation(
 
     # Open the browser
     print(f"\nOpening browser to: {url}")
-    open_browser(url)
+    try:
+        webbrowser.open(url)
+    except Exception as e:
+        print(f"Failed to open browser: {e}")
+        print(f"Please manually open: {url}")
 
     print("Waiting for you to complete the interaction in your browser...")
     print("(The server will continue once you've finished)")
@@ -121,20 +133,6 @@ def extract_domain(url: str) -> str:
         return "unknown"
 
 
-def open_browser(url: str) -> None:
-    """Open URL in the default browser."""
-    try:
-        if sys.platform == "darwin":
-            subprocess.run(["open", url], check=False)
-        elif sys.platform == "win32":
-            subprocess.run(["start", url], shell=True, check=False)
-        else:
-            webbrowser.open(url)
-    except Exception as e:
-        print(f"Failed to open browser: {e}")
-        print(f"Please manually open: {url}")
-
-
 async def call_tool_with_error_handling(
     session: ClientSession,
     tool_name: str,

From 04239603b9a5c290f1e642147c55db827027e40c Mon Sep 17 00:00:00 2001
From: Max Isbey <224885523+maxisbey@users.noreply.github.com>
Date: Wed, 18 Feb 2026 17:53:25 +0000
Subject: [PATCH 2/2] fix: use logger.exception instead of print for error
 logging

---
 examples/snippets/clients/url_elicitation_client.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/examples/snippets/clients/url_elicitation_client.py b/examples/snippets/clients/url_elicitation_client.py
index a370b8ff0..706c6751b 100644
--- a/examples/snippets/clients/url_elicitation_client.py
+++ b/examples/snippets/clients/url_elicitation_client.py
@@ -24,6 +24,7 @@
 
 import asyncio
 import json
+import logging
 import webbrowser
 from typing import Any
 from urllib.parse import urlparse
@@ -34,6 +35,8 @@
 from mcp.shared.exceptions import McpError, UrlElicitationRequiredError
 from mcp.types import URL_ELICITATION_REQUIRED
 
+logger = logging.getLogger(__name__)
+
 
 async def handle_elicitation(
     context: RequestContext[ClientSession, Any],
@@ -115,8 +118,8 @@ async def handle_url_elicitation(
     print(f"\nOpening browser to: {url}")
     try:
         webbrowser.open(url)
-    except Exception as e:
-        print(f"Failed to open browser: {e}")
+    except Exception:
+        logger.exception("Failed to open browser")
         print(f"Please manually open: {url}")
 
     print("Waiting for you to complete the interaction in your browser...")