#Fatal exploit with the Speaker item


agile agate
The speaker item allows you to force open any YouTube URL for all connected clients. This is an issue in and of itself, but what makes it worse is that YouTube lets you make redirect links. This means you can force open ANY https URL for all clients, which can be exploited to download files, forcefully log you out of your Google (among many others) account or even dox people.

agile agate
Actually, it's even worse. Due to the way the YouTube URL check is implemented:

```c#
if (mediaUrl.ToLower().Contains("youtube"))
{
    Application.OpenURL(mediaUrl);
}
```

You can run any URI scheme just by adding a #youtube at the end as a comment, like file:///. This could potentially be used to even install and run malicious programs by downloading and executing a .bat file.
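One way to harden the check quoted above, shown as an added example that is not part of the original posts or the game's own code: parse the URL, require `https` and an exact host match, then rebuild a canonical watch URL from the video ID alone so fragments, other paths and other schemes never reach `Application.OpenURL`. The class name, the host list and the 11-character ID pattern are assumptions.

```csharp
using System;
using System.Text.RegularExpressions;

public static class MediaUrlPolicy // hypothetical name
{
    // Exact host allowlist (assumed set); the quoted check used a substring match instead.
    static readonly string[] AllowedHosts = { "www.youtube.com", "youtube.com", "m.youtube.com", "youtu.be" };
    // Assumption: a video ID is 11 characters from [A-Za-z0-9_-].
    static readonly Regex VideoId = new Regex(@"^[A-Za-z0-9_-]{11}\z");

    // Returns a rebuilt canonical watch URL, or null when the input is rejected.
    public static string Canonicalize(string mediaUrl)
    {
        if (!Uri.TryCreate(mediaUrl, UriKind.Absolute, out Uri uri)) return null;
        if (uri.Scheme != Uri.UriSchemeHttps) return null; // rejects file: and every other scheme
        if (uri.UserInfo.Length != 0 || !uri.IsDefaultPort) return null;
        string host = uri.Host.ToLowerInvariant();
        if (Array.IndexOf(AllowedHosts, host) < 0) return null;

        string id = null;
        if (host == "youtu.be") id = uri.AbsolutePath.TrimStart('/');
        else if (uri.AbsolutePath == "/watch") id = QueryValue(uri.Query, "v");
        if (id == null || !VideoId.IsMatch(id)) return null;
        // Only the validated ID survives; fragment, extra parameters and other paths are dropped.
        return "https://www.youtube.com/watch?v=" + id;
    }

    static string QueryValue(string query, string key)
    {
        foreach (string pair in query.TrimStart('?').Split('&'))
        {
            int eq = pair.IndexOf('=');
            if (eq > 0 && pair.Substring(0, eq) == key)
                return Uri.UnescapeDataString(pair.Substring(eq + 1));
        }
        return null;
    }

    public static void Main()
    {
        // Constructed sample inputs; in Unity, pass a non-null result to Application.OpenURL.
        string[] samples = {
            "https://www.youtube.com/watch?v=AAAAAAAAAAA", "https://youtu.be/AAAAAAAAAAA",
            "file:///C:/example.bat#youtube", "https://example.com/?q=youtube",
            "https://www.youtube.com/other?x=https://example.com" };
        foreach (string s in samples)
            Console.WriteLine(s + " -> " + (Canonicalize(s) ?? "REJECTED"));
    }
}
```

Because the string handed to the OS is rebuilt from the ID rather than taken from the sender, any YouTube path other than `/watch` is rejected along with non-YouTube hosts.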