add.[ALL]

2023-05-21 16:28:12 +05:30 · 2023-05-21 16:28:12 +05:30 · 780ad9a200
commit 780ad9a200
parent 5ac24c8cea
54 changed files with 3733 additions and 0 deletions
--- a/.resources/app/common/securityUtils.js
+++ b/.resources/app/common/securityUtils.js
@ -0,0 +1,42 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.checkUrlOriginMatches = checkUrlOriginMatches;
+exports.saferShellOpenExternal = saferShellOpenExternal;
+exports.shouldOpenExternalUrl = shouldOpenExternalUrl;
+var _electron = require("electron");
+var _url = _interopRequireDefault(require("url"));
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+const BLOCKED_URL_PROTOCOLS = ['file:', 'javascript:', 'vbscript:', 'data:', 'about:', 'chrome:', 'ms-cxh:', 'ms-cxh-full:', 'ms-word:'];
+function shouldOpenExternalUrl(externalUrl) {
+  let parsedUrl;
+  try {
+    parsedUrl = _url.default.parse(externalUrl);
+  } catch (_) {
+    return false;
+  }
+  if (parsedUrl.protocol == null || BLOCKED_URL_PROTOCOLS.includes(parsedUrl.protocol.toLowerCase())) {
+    return false;
+  }
+  return true;
+}
+function saferShellOpenExternal(externalUrl) {
+  if (shouldOpenExternalUrl(externalUrl)) {
+    return _electron.shell.openExternal(externalUrl);
+  } else {
+    return Promise.reject(new Error('External url open request blocked'));
+  }
+}
+function checkUrlOriginMatches(urlA, urlB) {
+  let parsedUrlA;
+  let parsedUrlB;
+  try {
+    parsedUrlA = _url.default.parse(urlA);
+    parsedUrlB = _url.default.parse(urlB);
+  } catch (_) {
+    return false;
+  }
+  return parsedUrlA.protocol === parsedUrlB.protocol && parsedUrlA.slashes === parsedUrlB.slashes && parsedUrlA.host === parsedUrlB.host;
+}