Update WindowOpenHandler to be much more secure

This commit is contained in:
smartfrigde 2022-06-03 15:18:36 +02:00
parent 12352e3536
commit 54b1481a4e

View file

@ -4,7 +4,7 @@
// I'm sorry for this mess but I'm not sure how to fix it.
import {BrowserWindow, shell, app, ipcMain, dialog, clipboard} from "electron";
import path from "path";
import {checkIfConfigIsBroken, firstRun, getConfig, contentPath, isSetup} from "./utils";
import {checkIfConfigIsBroken, firstRun, getConfig, contentPath, isSetup, setConfig} from "./utils";
import {registerIpc} from "./ipc";
import startServer from "./socket";
import contextMenu from "electron-context-menu";
@ -21,11 +21,45 @@ contextMenu({
});
async function doAfterDefiningTheWindow() {
var ignoreProtocolWarning = await getConfig("ignoreProtocolWarning");
checkIfConfigIsBroken();
registerIpc();
mainWindow.webContents.userAgent = `Mozilla/5.0 (X11; ${os.type()} ${os.arch()}) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36`; //fake useragent for screenshare to work
mainWindow.webContents.setWindowOpenHandler(({url}) => {
shell.openExternal(url);
if (url.startsWith("https:" || url.startsWith("http:") || url.startsWith("mailto:"))) {
shell.openExternal(url);
} else {
if (ignoreProtocolWarning) {
shell.openExternal(url);
} else {
const options = {
type: "question",
buttons: ["Yes, please", "No, I don't"],
defaultId: 1,
title: url,
message: `Do you want to open ${url}?`,
detail: "This url was detected to not use normal browser protocols. It could mean that this url leads to a local program on your computer. Please check if you recognise it, before proceeding!",
checkboxLabel: "Remember my answer and ignore this warning for future sessions",
checkboxChecked: false
};
dialog.showMessageBox(mainWindow, options).then(({response, checkboxChecked}) => {
console.log(response, checkboxChecked);
if (checkboxChecked) {
if (response == 0) {
setConfig("ignoreProtocolWarning", true);
} else {
setConfig("ignoreProtocolWarning", false);
}
}
if (response == 0) {
shell.openExternal(url);
} else {
return;
}
});
}
}
return {action: "deny"};
});
mainWindow.webContents.session.webRequest.onBeforeRequest((details, callback) => {