feat(App): Add security checks for external URLs

author: Stefan Malzner <stefan@adlk.io> 2019-03-05 16:20:40 +0100
committer: Stefan Malzner <stefan@adlk.io> 2019-03-05 16:20:40 +0100
commit: 6e5531ae16d69087856ce7f174ba465bc759394c (patch)
tree: 510ab3208f045dbe574b53123c752b9d9349d5a3 /src/index.js
parent: Merge branch 'develop' of https://github.com/meetfranz/franz into develop (diff)
download: ferdium-app-6e5531ae16d69087856ce7f174ba465bc759394c.tar.gz
ferdium-app-6e5531ae16d69087856ce7f174ba465bc759394c.tar.zst
ferdium-app-6e5531ae16d69087856ce7f174ba465bc759394c.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/src/index.js b/src/index.js
index 0614197a2..0e222c3d6 100644
--- a/src/index.js
+++ b/src/index.js
@@ -34,6 +34,7 @@ import {
  DEFAULT_WINDOW_OPTIONS,
 } from './config';
 import { asarPath } from './helpers/asar-helpers';
+import { isValidExternalURL } from './helpers/url-helpers';
 /* eslint-enable import/first */
 const debug = require('debug')('Franz:App');
@@ -294,7 +295,10 @@ const createWindow = () => {
  mainWindow.webContents.on('new-window', (e, url) => {
    debug('Open url', url);
    e.preventDefault();
-    shell.openExternal(url);
+    if (isValidExternalURL(url)) {
+      shell.openExternal(url);
+    }
  });
 };
author	Stefan Malzner <stefan@adlk.io>	2019-03-05 16:20:40 +0100
committer	Stefan Malzner <stefan@adlk.io>	2019-03-05 16:20:40 +0100
commit	6e5531ae16d69087856ce7f174ba465bc759394c (patch)
tree	510ab3208f045dbe574b53123c752b9d9349d5a3 /src/index.js
parent	Merge branch 'develop' of https://github.com/meetfranz/franz into develop (diff)
download	ferdium-app-6e5531ae16d69087856ce7f174ba465bc759394c.tar.gz ferdium-app-6e5531ae16d69087856ce7f174ba465bc759394c.tar.zst ferdium-app-6e5531ae16d69087856ce7f174ba465bc759394c.zip

diff --git a/src/index.js b/src/index.js index 0614197a2..0e222c3d6 100644 --- a/src/index.js +++ b/src/index.js
@@ -34,6 +34,7 @@ import {
34	DEFAULT_WINDOW_OPTIONS,	34	DEFAULT_WINDOW_OPTIONS,
35	} from './config';	35	} from './config';
36	import { asarPath } from './helpers/asar-helpers';	36	import { asarPath } from './helpers/asar-helpers';
		37	import { isValidExternalURL } from './helpers/url-helpers';
37	/* eslint-enable import/first */	38	/* eslint-enable import/first */
38		39
39	const debug = require('debug')('Franz:App');	40	const debug = require('debug')('Franz:App');
@@ -294,7 +295,10 @@ const createWindow = () => {
294	mainWindow.webContents.on('new-window', (e, url) => {	295	mainWindow.webContents.on('new-window', (e, url) => {
295	debug('Open url', url);	296	debug('Open url', url);
296	e.preventDefault();	297	e.preventDefault();
297	shell.openExternal(url);	298
		299	if (isValidExternalURL(url)) {
		300	shell.openExternal(url);
		301	}
298	});	302	});
299	};	303	};
300		304