mirrors/Equicord
1
1
Fork 0
mirror of https://github.com/Equicord/Equicord.git synced 2025-06-23 13:27:03 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

security: remove openPath, restrict openExternal

Browse source 
Now only allows opening http urls.
This commit is contained in:
Vendicated 2022-10-03 19:17:54 +02:00
parent 71a59f4020
commit 8fe60971f5
No known key found for this signature in database
GPG key ID: EC781ADFB93EFFA3
3 changed files with 15 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

15
src/ipcMain/index.ts
View file

@ -29,8 +29,19 @@ function readSettings() {
// Fix for screensharing in Electron >= 17
ipcMain.handle(IpcEvents.GET_DESKTOP_CAPTURE_SOURCES, (_, opts) => desktopCapturer.getSources(opts));
ipcMain.handle(IpcEvents.OPEN_PATH, (_, ...pathElements) => shell.openPath(join(...pathElements)));
ipcMain.handle(IpcEvents.OPEN_EXTERNAL, (_, url) => shell.openExternal(url));
ipcMain.handle(IpcEvents.OPEN_QUICKCSS, () => shell.openPath(QUICKCSS_PATH));
ipcMain.handle(IpcEvents.OPEN_EXTERNAL, (_, url) => {
try {
var { protocol } = new URL(url);
} catch {
throw "Malformed URL";
}
if (protocol !== "https:" && protocol !== "http:")
throw "Disallowed protocol.";
shell.openExternal(url);
});
ipcMain.handle(IpcEvents.GET_QUICK_CSS, () => readCss());