Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Elicitation: clarify clickable URL language #1811

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
pcarleton merged 1 commit into from
Nov 13, 2025
Merged

Elicitation: clarify clickable URL language #1811

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 5 additions & 6 deletions docs/specification/draft/client/elicitation.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,6 @@ For trust & safety and security:

- Servers **MUST NOT** use form mode elicitation to request sensitive information
- Servers **MUST** use URL mode for interactions involving sensitive information, such as credentials
- URLs **MUST NOT** appear in any field of an elicitation request, other than the `url` field in an URL mode request

MCP clients **MUST**:

Expand Down Expand Up @@ -699,11 +698,10 @@ Clients **MUST** return standard JSON-RPC errors for common failure cases:

MCP servers requesting elicitation:

1. **MUST NOT** include URLs in any message or schema fields as part of a form mode elicitation request.
1. **MUST NOT** include URLs in any message or schema fields as part of an URL mode elicitation request, except for the `url` field.
Comment on lines -702 to -703
Copy link
Contributor Author

@nbarbettini nbarbettini Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed these two MUSTs in favor of a SHOULD

1. **MUST NOT** include plain text sensitive information about the end-user, including credentials, personal identifiable information, etc., in the URL sent to the client.
1. **MUST NOT** provide a URL which is pre-authenticated to access a protected resource, as the URL could be used to impersonate the user by a malicious client.
Comment on lines -704 to -705
Copy link
Contributor Author

@nbarbettini nbarbettini Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These two MUSTs did not change substantively

1. **SHOULD** use HTTPS URLs for non-development environments.
1. **MUST NOT** include sensitive information about the end-user, including credentials, personal identifiable information, etc., in the URL sent to the client in a URL elicitation request.
2. **MUST NOT** provide a URL which is pre-authenticated to access a protected resource, as the URL could be used to impersonate the user by a malicious client.
3. **SHOULD NOT** include URLs intended to be clickable in any field of a form mode elicitation request.
Copy link
Contributor Author

@nbarbettini nbarbettini Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added this SHOULD - still worth calling out IMO, but I think for conformance purposes it can be a SHOULD and doesn't need to be a failing case.

4. **SHOULD** use HTTPS URLs for non-development environments.

These server requirements ensure that client implementations have clear rules about when to present a URL to the user, so that the client-side rules (below) can be consistently applied.

Expand All @@ -718,6 +716,7 @@ When handling URL mode elicitation requests, MCP clients:
For example, on iOS, [SFSafariViewController](https://developer.apple.com/documentation/safariservices/sfsafariviewcontroller) is good, but [WkWebView](https://developer.apple.com/documentation/webkit/wkwebview) is not.
5. **SHOULD** highlight the domain of the URL to mitigate subdomain spoofing.
6. **SHOULD** have warnings for ambiguous/suspicious URIs (i.e., containing Punycode).
7. **SHOULD NOT** render URLs as clickable in any field of an elicitation request, except for the `url` field in a URL elicitation request (with the restrictions detailed above).

### Identifying the User

Expand Down