I've read the other SO questions about launching an application using JavaScript, and from what I've read it seems impossible unless one is using an outdated version of IE.

However, I notice that whenever I enter a Zoom meeting, Zoom prompts the user, "Do you want to open Zoom?" And if one clicks "yes", then the Zoom application opens. This works on all browsers, at least to my understanding.

How is this done? Is it done by using something other than JavaScript?

Sirswagger21
  • Zoom installs a tiny webserver on the user's computer. Clicking the link triggers a request to a `localhost` URL, and their server opens the application. This created quite a buzz when it was discovered because on Macs at least, the server kept running after "uninstalling" Zoom, and your machine would auto-join meetings with mic and cam enabled. –  Aug 20 '20 at 11:34
  • @ChrisG This is interesting, as I had always assumed it was simply a custom URL scheme. Do you have a source for this? Would love to read more on how they're accomplishing this. – esqew Aug 20 '20 at 11:35
  • Does this answer your question? [How do I create my own URL protocol? (e.g. so://...)](https://stackoverflow.com/questions/389204/how-do-i-create-my-own-url-protocol-e-g-so) – esqew Aug 20 '20 at 11:35
  • @esqew Here's the article: https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5 –  Aug 20 '20 at 11:38

1 Answer

That actually has nothing to do with JavaScript.

It is using a custom protocol registered on the machine at the time the program is installed.

Basically, they register some custom protocol (like zoom://) with the OS itself at the time of installing the program. Then, all you have to do to launch it is navigate to a URL like zoom://meeting1234. The OS will see this custom protocol and launch the appropriately registered program.

Here is some documentation:

samanime
  • As an extra note, on mobile devices when you get a popup like when you visit Reddit about launching in their app or continue with Chrome, that is metadata placed on Reddit that the mobile browsers are responding to which is a similar idea but slightly different implementation. – samanime Aug 20 '20 at 11:38
  • what about Linux? – 0xLogN Jul 01 '21 at 20:59
  • Not sure, but googling "linux custom url protocol" will probably get you some answers. – samanime Jul 03 '21 at 10:49
  • Thanks. For future visitors: create a .desktop file with `MimeType=x-scheme-handler/MYPROTOCOL;`. – 0xLogN Jul 03 '21 at 19:28
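
Because any web page can navigate to a registered scheme, the program the OS launches has to treat the URL it receives as untrusted input. The following is an added example, not code from this thread or from any vendor, of validating that URL inside the registered program; the `myapp` scheme, the `join` action, the meeting-ID format and the `name` parameter are all hypothetical.

```javascript
// Added example. The "myapp" scheme, "join" action, 9-11 digit meeting ID
// and "name" parameter are hypothetical, not taken from any real product.
const SCHEME = "myapp:";
const ACTIONS = new Set(["join"]);
const ALLOWED_PARAMS = new Set(["name"]);
const MAX_LEN = 256;

// Returns { action, meetingId, params } for an acceptable URL, else null.
function parseLaunchUrl(raw) {
  if (typeof raw !== "string" || raw.length > MAX_LEN) return null;
  let url;
  try {
    url = new URL(raw);
  } catch {
    return null; // not parseable as a URL
  }
  if (url.protocol !== SCHEME) return null;
  // Reject parts this scheme never uses instead of silently ignoring them.
  if (url.username || url.password || url.port || url.hash) return null;
  if (!ACTIONS.has(url.hostname)) return null;
  const m = /^\/(\d{9,11})$/.exec(url.pathname);
  if (!m) return null;
  const params = {};
  for (const [key, value] of url.searchParams) {
    // Unknown or repeated parameters fail closed.
    if (!ALLOWED_PARAMS.has(key) || key in params) return null;
    if (!/^[\w .-]{1,40}$/.test(value)) return null;
    params[key] = value;
  }
  return { action: url.hostname, meetingId: m[1], params };
}

// The OS passes the URL to the registered program as a command-line argument
// (assumed here to be the only one); anything else is refused.
function handleLaunch(args) {
  if (!Array.isArray(args) || args.length !== 1) return null;
  return parseLaunchUrl(args[0]);
}

// Constructed sample inputs, as a page could supply them through a link.
for (const sample of [
  "myapp://join/123456789?name=Alice",
  "myapp://join/123456789?unknown=1",
  "myapp://join/../../other",
  "https://example.com/123456789",
]) {
  console.log(sample, "->", JSON.stringify(handleLaunch([sample])));
}
```

The handler acts only on the structured result and never forwards the raw string to a shell or to another process's command line.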