Update WindowOpenHandler to be much more secure

2024-08-14 23:56:58 +00:00 · 2022-06-03 15:18:36 +02:00 · 2022-06-03 15:18:36 +02:00 · 54b1481a4e
commit 54b1481a4e
parent 12352e3536
1 changed files with 36 additions and 2 deletions
--- a/src/window.ts
+++ b/src/window.ts
@ -4,7 +4,7 @@
 // I'm sorry for this mess but I'm not sure how to fix it.
 import {BrowserWindow, shell, app, ipcMain, dialog, clipboard} from "electron";
 import path from "path";
-import {checkIfConfigIsBroken, firstRun, getConfig, contentPath, isSetup} from "./utils";
+import {checkIfConfigIsBroken, firstRun, getConfig, contentPath, isSetup, setConfig} from "./utils";
 import {registerIpc} from "./ipc";
 import startServer from "./socket";
 import contextMenu from "electron-context-menu";
@ -21,11 +21,45 @@ contextMenu({
 });

 async function doAfterDefiningTheWindow() {
+    var ignoreProtocolWarning = await getConfig("ignoreProtocolWarning");
    checkIfConfigIsBroken();
    registerIpc();
    mainWindow.webContents.userAgent = `Mozilla/5.0 (X11; ${os.type()} ${os.arch()}) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36`; //fake useragent for screenshare to work
    mainWindow.webContents.setWindowOpenHandler(({url}) => {
-        shell.openExternal(url);
+        if (url.startsWith("https:" || url.startsWith("http:") || url.startsWith("mailto:"))) {
+            shell.openExternal(url);
+        } else {
+            if (ignoreProtocolWarning) {
+                shell.openExternal(url);
+            } else {
+                const options = {
+                    type: "question",
+                    buttons: ["Yes, please", "No, I don't"],
+                    defaultId: 1,
+                    title: url,
+                    message: `Do you want to open ${url}?`,
+                    detail: "This url was detected to not use normal browser protocols. It could mean that this url leads to a local program on your computer. Please check if you recognise it, before proceeding!",
+                    checkboxLabel: "Remember my answer and ignore this warning for future sessions",
+                    checkboxChecked: false
+                };
+
+                dialog.showMessageBox(mainWindow, options).then(({response, checkboxChecked}) => {
+                    console.log(response, checkboxChecked);
+                    if (checkboxChecked) {
+                        if (response == 0) {
+                            setConfig("ignoreProtocolWarning", true);
+                        } else {
+                            setConfig("ignoreProtocolWarning", false);
+                        }
+                    }
+                    if (response == 0) {
+                        shell.openExternal(url);
+                    } else {
+                        return;
+                    }
+                });
+            }
+        }
        return {action: "deny"};
    });
    mainWindow.webContents.session.webRequest.onBeforeRequest((details, callback) => {