fix: prevent command injection in example URL opening

Replace exec() with execFile() and add URL scheme validation in both
elicitationUrlExample.ts and simpleOAuthClient.ts.

The previous code used exec() with string interpolation, which invokes
a shell and allows command injection via crafted URLs containing shell
metacharacters (e.g., double-quote escapes and & as command separators).

Changes:
- Use execFile() with array arguments instead of exec() with string
  interpolation to avoid shell interpretation
- Add cross-platform support (open/xdg-open/start) instead of
  hardcoding macOS open command
- Add URL scheme allowlist (http/https only) to prevent abuse via
  dangerous protocol handlers (file://, smb://, ms-msdt://, etc.)

Author: maxisbey

examples/client/package.json

@@ -36,12 +36,13 @@
     "dependencies": {
         "@modelcontextprotocol/client": "workspace:^",
         "ajv": "catalog:runtimeShared",
+        "open": "^11.0.0",
         "zod": "catalog:runtimeShared"
     },
     "devDependencies": {
+        "@modelcontextprotocol/eslint-config": "workspace:^",
         "@modelcontextprotocol/examples-shared": "workspace:^",
         "@modelcontextprotocol/tsconfig": "workspace:^",
-        "@modelcontextprotocol/eslint-config": "workspace:^",
         "@modelcontextprotocol/vitest-config": "workspace:^",
         "tsdown": "catalog:devTools"
     }

examples/client/src/elicitationUrlExample.ts

@@ -5,7 +5,6 @@
 // URL elicitation allows servers to prompt the end-user to open a URL in their browser
 // to collect sensitive information.
 
-import { exec } from 'node:child_process';
 import { createServer } from 'node:http';
 import { createInterface } from 'node:readline';
 
@@ -29,6 +28,7 @@ import {
     UnauthorizedError,
     UrlElicitationRequiredError
 } from '@modelcontextprotocol/client';
+import open from 'open';
 
 import { InMemoryOAuthClientProvider } from './simpleOAuthClientProvider.js';
 
@@ -272,15 +272,25 @@ async function elicitationLoop(): Promise<void> {
     }
 }
 
-async function openBrowser(url: string): Promise<void> {
-    const command = `open "${url}"`;
+const ALLOWED_SCHEMES = new Set(['http:', 'https:']);
 
-    exec(command, error => {
-        if (error) {
-            console.error(`Failed to open browser: ${error.message}`);
-            console.log(`Please manually open: ${url}`);
+async function openBrowser(url: string): Promise<void> {
+    try {
+        const parsed = new URL(url);
+        if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
+            console.error(`Refusing to open URL with unsupported scheme '${parsed.protocol}': ${url}`);
+            return;
         }
-    });
+    } catch {
+        console.error(`Invalid URL: ${url}`);
+        return;
+    }
+
+    try {
+        await open(url);
+    } catch {
+        console.log(`Please manually open: ${url}`);
+    }
 }
 
 /**

examples/client/src/simpleOAuthClient.ts

@@ -1,6 +1,5 @@
 #!/usr/bin/env node
 
-import { exec } from 'node:child_process';
 import { createServer } from 'node:http';
 import { createInterface } from 'node:readline';
 import { URL } from 'node:url';
@@ -13,6 +12,7 @@ import {
     StreamableHTTPClientTransport,
     UnauthorizedError
 } from '@modelcontextprotocol/client';
+import open from 'open';
 
 import { InMemoryOAuthClientProvider } from './simpleOAuthClientProvider.js';
 
@@ -49,17 +49,27 @@ class InteractiveOAuthClient {
     /**
      * Opens the authorization URL in the user's default browser
      */
+    private static readonly ALLOWED_SCHEMES = new Set(['http:', 'https:']);
+
     private async openBrowser(url: string): Promise<void> {
         console.log(`🌐 Opening browser for authorization: ${url}`);
 
-        const command = `open "${url}"`;
-
-        exec(command, error => {
-            if (error) {
-                console.error(`Failed to open browser: ${error.message}`);
-                console.log(`Please manually open: ${url}`);
+        try {
+            const parsed = new URL(url);
+            if (!InteractiveOAuthClient.ALLOWED_SCHEMES.has(parsed.protocol)) {
+                console.error(`Refusing to open URL with unsupported scheme '${parsed.protocol}': ${url}`);
+                return;
             }
-        });
+        } catch {
+            console.error(`Invalid URL: ${url}`);
+            return;
+        }
+
+        try {
+            await open(url);
+        } catch {
+            console.log(`Please manually open: ${url}`);
+        }
     }
     /**
      * Example OAuth callback handler - in production, use a more robust approach