From 8a37b92bc83db229a788008c5a6a68cf51216ed2 Mon Sep 17 00:00:00 2001
From: Vijay Raghavan Aravamudhan <vraravam@users.noreply.github.com>
Date: Sat, 14 Aug 2021 14:52:24 +0000
Subject: Refactoring: Url helpers (#1789)

These changes are mainly to ensure that 'shell.open*' invocations are only in a single file.
* Moved 'openPath' into the 'url-helpers' file.
* Extract 'openExternalUrl' into a common location in 'url-helpers'

This is done so that we can then apply vetting rules to ensure that there is no security concern as described in https://benjamin-altpeter.de/shell-openexternal-dangers/
---
 src/webview/contextMenuBuilder.js | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

(limited to 'src/webview')

diff --git a/src/webview/contextMenuBuilder.js b/src/webview/contextMenuBuilder.js
index 602ce06f5..126fa4086 100644
--- a/src/webview/contextMenuBuilder.js
+++ b/src/webview/contextMenuBuilder.js
@@ -6,13 +6,12 @@
  *
  * Source: https://github.com/electron-userland/electron-spellchecker/blob/master/src/context-menu-builder.js
  */
-import {
-  clipboard, ipcRenderer, nativeImage, shell,
-} from 'electron';
+import { clipboard, ipcRenderer, nativeImage } from 'electron';
 import { Menu, MenuItem } from '@electron/remote';
 import { shortcutKey, isMac } from '../environment';
 
 import { SEARCH_ENGINE_NAMES, SEARCH_ENGINE_URLS } from '../config';
+import { openExternalUrl } from '../helpers/url-helpers';
 
 const { URL } = require('url');
 
@@ -170,7 +169,7 @@ module.exports = class ContextMenuBuilder {
     const openLink = new MenuItem({
       label: this.stringTable.openLinkUrl(),
       click: () => {
-        shell.openExternal(menuInfo.linkURL);
+        openExternalUrl(menuInfo.linkURL, true);
       },
     });
 
@@ -299,7 +298,7 @@ module.exports = class ContextMenuBuilder {
       label: this.stringTable.searchWith({ searchEngine: SEARCH_ENGINE_NAMES[menuInfo.searchEngine] }),
       click: () => {
         const url = SEARCH_ENGINE_URLS[menuInfo.searchEngine]({ searchTerm: encodeURIComponent(menuInfo.selectionText) });
-        shell.openExternal(url);
+        openExternalUrl(url, true);
       },
     });
 
@@ -555,7 +554,7 @@ module.exports = class ContextMenuBuilder {
       label: this.stringTable.openInBrowser(),
       enabled: true,
       click: () => {
-        shell.openExternal(menuInfo.pageURL);
+        openExternalUrl(menuInfo.pageURL, true);
       },
     }));
 
-- 
cgit v1.2.3-70-g09d2