From d8f1bf828e7fc2dc4e5086e0441ca8b2cac8a878 Mon Sep 17 00:00:00 2001
From: "den (work)" <53200638+localden@users.noreply.github.com>
Date: Wed, 1 Oct 2025 16:24:28 -0700
Subject: [PATCH] Update Program.cs

---
 samples/ProtectedMcpClient/Program.cs | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/samples/ProtectedMcpClient/Program.cs b/samples/ProtectedMcpClient/Program.cs
index 9dc2410ea..042d47713 100644
--- a/samples/ProtectedMcpClient/Program.cs
+++ b/samples/ProtectedMcpClient/Program.cs
@@ -134,6 +134,13 @@
 /// <param name="url">The URL to open.</param>
 static void OpenBrowser(Uri url)
 {
+    // Validate the URI scheme - only allow safe protocols
+    if (url.Scheme != Uri.UriSchemeHttp && url.Scheme != Uri.UriSchemeHttps)
+    {
+        Console.WriteLine($"Error: Only HTTP and HTTPS URLs are allowed.");
+        return;
+    }
+
     try
     {
         var psi = new ProcessStartInfo
@@ -145,7 +152,7 @@ static void OpenBrowser(Uri url)
     }
     catch (Exception ex)
     {
-        Console.WriteLine($"Error opening browser. {ex.Message}");
+        Console.WriteLine($"Error opening browser: {ex.Message}");
         Console.WriteLine($"Please manually open this URL: {url}");
     }
 }
\ No newline at end of file