Unfortunately OpenURL() can still be misused.
If we call the function with our own string all is fine, but if we let a user input an URL to open there is a risk.
A user could could craft the string to already contain the quoting and then run another command afterwards resulting in:
OpenURL("https://www.raylib.com/' ; 'rm -rf /");
For this reason we should only call this function if we control the string given (for opening our game website) or we need to parse the URL and escape the quotes.
Unfortunately
OpenURL()can still be misused.If we call the function with our own string all is fine, but if we let a user input an URL to open there is a risk.
A user could could craft the string to already contain the quoting and then run another command afterwards resulting in:
For this reason we should only call this function if we control the string given (for opening our game website) or we need to parse the URL and escape the quotes.