Open website in the user's default browser without letting them launch anything else?

I would like to open a website in a user's default web browser, however since the url is user-defined I would also like to prevent them from doing anything other than opening a website.

I have seen people use Process.Start(url); to open a site in the default browser, but since the url is user-defined I want to be sure they don't enter something like a script location and execute it.

I also don't want to use Process.Start("iexplore", url); since I would rather open the link in the user's default browser.

Is there a way I can open a website in the user's default browser, without letting them launch any other process or command?

EDIT

For example, I don't want users to be able to enter C:\Windows\Notepad.exe into the Customer's Website field and open Notepad when they click the Website link

EDIT #2

I am not looking for a way to filter user's access online or have th开发者_如何学Gois substitute for property security. I am simply looking for a way to prevent users from launching any other application by entering in a bad url. If they enter "google" for a Customer's website, it should not throw an Open With file dialog, but instead launch the user's default web browser with the word "google" in the URL

You could look up the default browser from the registry. It's in several different places, but I think HKEY_CURRENT_USER\Software\Classes\http\shell\open\command would be a good place to look.

Extract the executable name from that, then Process.Start it with the user-entered URL as a parameter.

I found a way to do it, however I haven't tested to see if this will work on other operating systems

I get the Path for the DefaultWebBrowser from the registry and then use Process.Start(defaultBrowserPath, url);

public static void OpenWebsite(string url)
{ 
    Process.Start(GetDefaultBrowserPath(), url);
}

private static string GetDefaultBrowserPath()
{
    string key = @"http\shell\open\command";
    RegistryKey registryKey =
    Registry.ClassesRoot.OpenSubKey(key, false);
    return ((string)registryKey.GetValue(null, null)).Split('"')[1];
}

Well, not really. What you could do is check whether it's a HTTP(s) URL, and whether the URL returns a text/html content-type - but not even that will help if the browser uses content sniffing (ignores content-type, tries to determine it from file content - IIRC IE6 does this, not sure what others).

Also, various browsers are susceptible to various security holes in malformed URLs (why does IE come to mind again?), so you may want to check for things like null hacks, EOL hacks, etc etc.

In the end, there is no perfect URL check - old/unpatched browsers will always be susceptible to some exploits, and that's not really something you can fix. You can, however, filter out most of them - whether it will be 80%, 99%, or 99.99%, depends on the amount of time you are willing to invest.

If I'm understanding you right, then there is no solution to the problem you describe. You're saying: how can I filter user-entered data (hopefully in the form of a Uri, but even a Uri is a very broad concept) to ensure that it's not malicious content. The answer is that without doing it manually, you can't.

http://here.dowloadmyvirus.com is a perfectly valid site Uri but you can never ever guarantee the content that will be served from there.

It needn't even be a Uri: if you hit Start/Run and type "iexplore c:\windows\notepad.exe" then (with IE9 RTM) I get my own local notepad.exe launched as a download. There's nothing to stop you pointing at a malicious script hosted online.

I'd suggest that you either need to limit access so that only a few trusted users can edit whatever data it is you're managing, or have an audit process in place to ensure that such content is validated before it's published.

I've worked out a way, which takes advantage of the fact that javascript runs in a sandbox.

Have a web-page (e.g. http://mydomain/LaunchPage.html) that is accessibly to your desktop application. Call it by putting your URL on the query string (so http://mydomain/LaunchPage.html?URL=http://www.google.com).

All the LaunchPage does is to use JavaScript to set the document.location.

<script>
    /*
     * Retrieve names values from the query string.
     * Based on an idea from
     * http://ilovethecode.com/Javascript/Javascript-Tutorials-How_To-Easy/Get_Query_String_Using_Javascript.shtml
    */
    function queryString(key) {
        args = window.location.search.substring(1).split("&");
        for (i = 0; i < args.length; i++) {
            keyValuePair = args[i].split("=");
            if (keyValuePair[0].toUpperCase() == key.toUpperCase()) {
                return keyValuePair[1];
            }
        }
        return null;
    }

    document.Location = queryString("URL");
</script>

If the URL is set to a local file or something, then the JavaScript sandbox will prevent it being used.

You can now use the following code in perfect safety.

Process.Start("http://mydomain/LaunchPage.html?URL=C:\Windows\Notepad.exe") 

EDIT Note that the HTML file could be installed alongside your application. If you have done this, the code to launch it would be something like:

Process.Start("c:\<InstallRoot>\LaunchPage.html?URL=C:\Windows\Notepad.exe") 

I think you can check the url to confirm that it is a valid URL not a path of an executable file.

You can use regular expressions to validate the url, have a look here here.

Good luck!

It seems to me that you are worrying about something that is not in fact a problem. If the user could run a program rather than a URL from your app, then they could just as well run a program themselves. It's only a security concern if you accept input from some entity other than the logged on user.