From 6e5531ae16d69087856ce7f174ba465bc759394c Mon Sep 17 00:00:00 2001
From: Stefan Malzner
Date: Tue, 5 Mar 2019 16:20:40 +0100
Subject: feat(App): Add security checks for external URLs
---
src/index.js | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'src/index.js')
diff --git a/src/index.js b/src/index.js
index 0614197a2..0e222c3d6 100644
--- a/src/index.js
+++ b/src/index.js
@@ -34,6 +34,7 @@ import {
 DEFAULT_WINDOW_OPTIONS,
 } from './config';
 import { asarPath } from './helpers/asar-helpers';
+import { isValidExternalURL } from './helpers/url-helpers';
 /* eslint-enable import/first */
 const debug = require('debug')('Franz:App');
@@ -294,7 +295,10 @@ const createWindow = () => {
 mainWindow.webContents.on('new-window', (e, url) => {
 debug('Open url', url);
 e.preventDefault();
- shell.openExternal(url);
+
+ if (isValidExternalURL(url)) {
+ shell.openExternal(url);
+ }
 });
 };
-- 
cgit v1.2.3-54-g00ecf
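Review bot: In the `new-window` handler, a URL that fails `isValidExternalURL` is now dropped without a trace, so a blocked link looks the same as a broken one in both the UI and the debug log; adding `else { debug('Blocked external url', url); }` after the `if` keeps the rejection visible. The helper lives in `./helpers/url-helpers` and is not part of this diff, so it is worth confirming that it parses the URL and allow-lists schemes (for example `http:` and `https:`) rather than deny-listing, because `shell.openExternal` passes the string to the OS protocol handler. `createWindow` begins outside this hunk, and any other `shell.openExternal` call sites in the app are not visible here and would presumably need the same guard.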