MerlinVR
Block Grabify links before loading URL
Most, if not all, VRChat video players have this problem. Someone can throw a grabify link into a video player, have it redirect to a video, and noone knows that they've just been IP grabbed. I would recommend setting a link whitelist including Youtube and other popular video-sharing sites and blocking other links to prevent Grabify (or other IP logger) links from getting loaded on a victims device
Thanks, I'll look into adding a domain disallow list. I can't really only have an allow list by default as it would break normal custom CDN use and whatnot which is fairly common for events. This sounds like something where VRC should consider blocking common low-hanging fruit IP grabbers, is there a canny for this?
Well with most IP grabber sites, they allow you to use custom URL's as well, and those are constantly being changed and updated, so there's no really effective way to block them. The way I'm doing it is a small addition to the ValidateUrl boolean, where I've added an "Else" statement below your Youtube link check that goes through a string array and check if the website is one of them, and if not it returns a "False"
I edited my quick fix into something more permanent on my end
I can make a pull-request if you'd like me too