[SecurityUtils] Remove sseoAllowlist option, have rewrite only
This commit is contained in:
parent
b01660d49f
commit
4280c4ca70
|
@ -26,7 +26,6 @@ You can configure OpenAsar via `settings.json` (found in your Discord app data /
|
||||||
- `autoupdate` (bool, default true) - whether to autoupdate OpenAsar after Discord startup
|
- `autoupdate` (bool, default true) - whether to autoupdate OpenAsar after Discord startup
|
||||||
- `updatePrompt` (bool, default false) - whether to show update prompt after updating OpenAsar
|
- `updatePrompt` (bool, default false) - whether to show update prompt after updating OpenAsar
|
||||||
- `splashText` (bool, default true) - whether to show bottom right version info text in splash
|
- `splashText` (bool, default true) - whether to show bottom right version info text in splash
|
||||||
- `ssoeAllowlist` (bool, default true) - whether to use safer custom method of opening external urls (true) or normal Discord's method (false)
|
|
||||||
|
|
||||||
### Extra Discord Options
|
### Extra Discord Options
|
||||||
- `multiInstance` (bool, default false) - whether to enable multi-instance
|
- `multiInstance` (bool, default false) - whether to enable multi-instance
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
const { shell } = require('electron');
|
const { shell } = require('electron');
|
||||||
|
|
||||||
const BLOCKED_URL_PROTOCOLS = ['file:', 'javascript:', 'vbscript:', 'data:', 'about:', 'chrome:', 'ms-cxh:', 'ms-cxh-full:', 'ms-word:']; // From Discord
|
|
||||||
const allowedProtocols = [ 'https:', 'http:' ];
|
const allowedProtocols = [ 'https:', 'http:' ];
|
||||||
|
|
||||||
exports.saferShellOpenExternal = (url) => {
|
exports.saferShellOpenExternal = (url) => {
|
||||||
let parsed;
|
let parsed;
|
||||||
|
|
||||||
|
@ -10,16 +8,7 @@ exports.saferShellOpenExternal = (url) => {
|
||||||
parsed = new URL(url);
|
parsed = new URL(url);
|
||||||
} catch (_e) { return Promise.reject(); }
|
} catch (_e) { return Promise.reject(); }
|
||||||
|
|
||||||
const protocol = parsed.protocol?.toLowerCase();
|
if (!allowedProtocols.includes(parsed.protocol?.toLowerCase())) return Promise.reject(); // Only allow some protocols
|
||||||
|
|
||||||
let disallowed = false;
|
|
||||||
if (oaConfig.ssoeAllowlist === false) { // Allow config option to use traditional Discord check for compatibility
|
|
||||||
if (!protocol || BLOCKED_URL_PROTOCOLS.includes(protocol)) disallowed = true;
|
|
||||||
} else {
|
|
||||||
if (!allowedProtocols.includes(protocol)) disallowed = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (disallowed) return Promise.reject();
|
|
||||||
|
|
||||||
return shell.openExternal(url);
|
return shell.openExternal(url);
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in New Issue