diff options
author | Vijay Raghavan Aravamudhan <vraravam@users.noreply.github.com> | 2021-08-14 14:52:24 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-08-14 20:22:24 +0530 |
commit | 8a37b92bc83db229a788008c5a6a68cf51216ed2 (patch) | |
tree | 1929798a3aa4089203668bd2b93dba497363eb5a /src/helpers | |
parent | New Crowdin updates (#1786) (diff) | |
download | ferdium-app-8a37b92bc83db229a788008c5a6a68cf51216ed2.tar.gz ferdium-app-8a37b92bc83db229a788008c5a6a68cf51216ed2.tar.zst ferdium-app-8a37b92bc83db229a788008c5a6a68cf51216ed2.zip |
Refactoring: Url helpers (#1789)
These changes are mainly to ensure that 'shell.open*' invocations are only in a single file.
* Moved 'openPath' into the 'url-helpers' file.
* Extract 'openExternalUrl' into a common location in 'url-helpers'
This is done so that we can then apply vetting rules to ensure that there is no security concern as described in https://benjamin-altpeter.de/shell-openexternal-dangers/
Diffstat (limited to 'src/helpers')
-rw-r--r-- | src/helpers/url-helpers.js | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/helpers/url-helpers.js b/src/helpers/url-helpers.js index 972f9b79a..b0dc9afbb 100644 --- a/src/helpers/url-helpers.js +++ b/src/helpers/url-helpers.js | |||
@@ -1,4 +1,8 @@ | |||
1 | // This is taken from: https://benjamin-altpeter.de/shell-openexternal-dangers/ | ||
2 | |||
1 | import { URL } from 'url'; | 3 | import { URL } from 'url'; |
4 | import { ensureDirSync } from 'fs-extra'; | ||
5 | import { shell } from 'electron'; | ||
2 | 6 | ||
3 | import { ALLOWED_PROTOCOLS } from '../config'; | 7 | import { ALLOWED_PROTOCOLS } from '../config'; |
4 | 8 | ||
@@ -18,3 +22,15 @@ export function isValidExternalURL(url) { | |||
18 | 22 | ||
19 | return isAllowed; | 23 | return isAllowed; |
20 | } | 24 | } |
25 | |||
26 | export async function openPath(folderName) { | ||
27 | ensureDirSync(folderName); | ||
28 | shell.openPath(folderName); | ||
29 | } | ||
30 | |||
31 | // TODO: Need to verify and fix/remove the skipping logic. Ideally, we should never skip this check | ||
32 | export function openExternalUrl(url, skipValidityCheck = false) { | ||
33 | if (skipValidityCheck || isValidExternalURL(url)) { | ||
34 | shell.openExternal(url); | ||
35 | } | ||
36 | } | ||