It seems that the generally accepted approach to launch a URL is to call

Question

0

Asked: May 17, 20262026-05-17T14:47:21+00:00 2026-05-17T14:47:21+00:00

It seems that the generally accepted approach to launch a URL is to call

0

It seems that the generally accepted approach to launch a URL is to call Process.Start, e.g.

var url = new Uri(uriString);
Process.Start(url.AbsoluteUri);

e.g. this was suggested here.

The problem with that is that if the URL is untrusted, bad things can happen. e.g. if the string is @”c:\windows\system32\notepad.exe”, the code above will launch notepad with no questions asked.

OTOH, if you try to launch a local executable like this in the browser, you get plenty of security checks before it happens.

So the question is: how can this be done safely programmatically in a clean way (in C#)?

Not-so-clean techniques we have considered:

look at the Uri protocol, and block anything that’s not http/https. This is hacky.
find the registered browser via some reg key, and launch it with the Uri on the cmd line. This type of code tends to be messy and unreliable with some browsers.

So I’m hoping for a technique that would be like a LaunchUrlThroughBrowser(url).

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-17T14:47:22+00:00

Editorial Team

2026-05-17T14:47:22+00:00Added an answer on May 17, 2026 at 2:47 pm

It appears that there is no great way to do this, short of manual filtering the URL, as explained in Safe Process.Start implementation for untrusted URL strings. So that might just be the way to go.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

It seems that the generally accepted approach to launch a URL is to call

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply