From 2799d8b130d7d400ea5bf2dbf1e3ce8b529a8843 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kacper=20Michaj=C5=82ow?=
Date: Sun, 23 Feb 2025 04:56:56 +0100
Subject: [PATCH] mac/apphub: remove mpv:// protocol handling
It has been moved to the mpv core with additional security considerations, including filtering unsafe protocols from being opened via the URL handler. While we are not aware of any active exploitation, naive protocol handling could allow the use of niche protocols in FFmpeg, which, in turn, might load native code. How such native code would be dropped on the local machine is another question. This remains theoretical, but it's better to be safe than sorry.
Fixes: 494d40858351bbe4a83c98758440621d3fcdc5c9
---
 osdep/mac/app_hub.swift | 2 --
 1 file changed, 2 deletions(-)
diff --git a/osdep/mac/app_hub.swift b/osdep/mac/app_hub.swift
index e83f5447bb..879b084ca5 100644
--- a/osdep/mac/app_hub.swift
+++ b/osdep/mac/app_hub.swift
@@ -36,7 +36,6 @@ class AppHub: NSObject {
 var cocoaCb: CocoaCB?
 #endif
- let MPV_PROTOCOL: String = "mpv://"
 var isApplication: Bool { return NSApp is Application }
 var isBundle: Bool { return ProcessInfo.processInfo.environment["MPVBUNDLE"] == "true" }
 var openEvents: Int = 0
@@ -109,7 +108,6 @@ class AppHub: NSObject {
 let files = urls.map {
 if $0.isFileURL { return $0.path }
 var path = $0.absoluteString
- if path.hasPrefix(MPV_PROTOCOL) { path.removeFirst(MPV_PROTOCOL.count) }
 return path.removingPercentEncoding ?? path
 }.sorted { (strL: String, strR: String) -> Bool in
 return strL.localizedStandardCompare(strR) == .orderedAscending