diff options
author | Stefan Malzner <stefan@adlk.io> | 2019-03-05 16:20:40 +0100 |
---|---|---|
committer | Stefan Malzner <stefan@adlk.io> | 2019-03-05 16:20:40 +0100 |
commit | 6e5531ae16d69087856ce7f174ba465bc759394c (patch) | |
tree | 510ab3208f045dbe574b53123c752b9d9349d5a3 /src/index.js | |
parent | Merge branch 'develop' of https://github.com/meetfranz/franz into develop (diff) | |
download | ferdium-app-6e5531ae16d69087856ce7f174ba465bc759394c.tar.gz ferdium-app-6e5531ae16d69087856ce7f174ba465bc759394c.tar.zst ferdium-app-6e5531ae16d69087856ce7f174ba465bc759394c.zip |
feat(App): Add security checks for external URLs
Diffstat (limited to 'src/index.js')
-rw-r--r-- | src/index.js | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/index.js b/src/index.js index 0614197a2..0e222c3d6 100644 --- a/src/index.js +++ b/src/index.js | |||
@@ -34,6 +34,7 @@ import { | |||
34 | DEFAULT_WINDOW_OPTIONS, | 34 | DEFAULT_WINDOW_OPTIONS, |
35 | } from './config'; | 35 | } from './config'; |
36 | import { asarPath } from './helpers/asar-helpers'; | 36 | import { asarPath } from './helpers/asar-helpers'; |
37 | import { isValidExternalURL } from './helpers/url-helpers'; | ||
37 | /* eslint-enable import/first */ | 38 | /* eslint-enable import/first */ |
38 | 39 | ||
39 | const debug = require('debug')('Franz:App'); | 40 | const debug = require('debug')('Franz:App'); |
@@ -294,7 +295,10 @@ const createWindow = () => { | |||
294 | mainWindow.webContents.on('new-window', (e, url) => { | 295 | mainWindow.webContents.on('new-window', (e, url) => { |
295 | debug('Open url', url); | 296 | debug('Open url', url); |
296 | e.preventDefault(); | 297 | e.preventDefault(); |
297 | shell.openExternal(url); | 298 | |
299 | if (isValidExternalURL(url)) { | ||
300 | shell.openExternal(url); | ||
301 | } | ||
298 | }); | 302 | }); |
299 | }; | 303 | }; |
300 | 304 | ||