From 54b1481a4e48290a25b3e56220cacb3b31c386d3 Mon Sep 17 00:00:00 2001 From: smartfrigde <37928912+smartfrigde@users.noreply.github.com> Date: Fri, 3 Jun 2022 15:18:36 +0200 Subject: [PATCH 1/2] Update WindowOpenHandler to be much more secure --- src/window.ts | 38 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) diff --git a/src/window.ts b/src/window.ts index ddcdb33..47b0f89 100644 --- a/src/window.ts +++ b/src/window.ts @@ -4,7 +4,7 @@ // I'm sorry for this mess but I'm not sure how to fix it. import {BrowserWindow, shell, app, ipcMain, dialog, clipboard} from "electron"; import path from "path"; -import {checkIfConfigIsBroken, firstRun, getConfig, contentPath, isSetup} from "./utils"; +import {checkIfConfigIsBroken, firstRun, getConfig, contentPath, isSetup, setConfig} from "./utils"; import {registerIpc} from "./ipc"; import startServer from "./socket"; import contextMenu from "electron-context-menu"; @@ -21,11 +21,45 @@ contextMenu({ }); async function doAfterDefiningTheWindow() { + var ignoreProtocolWarning = await getConfig("ignoreProtocolWarning"); checkIfConfigIsBroken(); registerIpc(); mainWindow.webContents.userAgent = `Mozilla/5.0 (X11; ${os.type()} ${os.arch()}) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36`; //fake useragent for screenshare to work mainWindow.webContents.setWindowOpenHandler(({url}) => { - shell.openExternal(url); + if (url.startsWith("https:" || url.startsWith("http:") || url.startsWith("mailto:"))) { + shell.openExternal(url); + } else { + if (ignoreProtocolWarning) { + shell.openExternal(url); + } else { + const options = { + type: "question", + buttons: ["Yes, please", "No, I don't"], + defaultId: 1, + title: url, + message: `Do you want to open ${url}?`, + detail: "This url was detected to not use normal browser protocols. It could mean that this url leads to a local program on your computer. Please check if you recognise it, before proceeding!", + checkboxLabel: "Remember my answer and ignore this warning for future sessions", + checkboxChecked: false + }; + + dialog.showMessageBox(mainWindow, options).then(({response, checkboxChecked}) => { + console.log(response, checkboxChecked); + if (checkboxChecked) { + if (response == 0) { + setConfig("ignoreProtocolWarning", true); + } else { + setConfig("ignoreProtocolWarning", false); + } + } + if (response == 0) { + shell.openExternal(url); + } else { + return; + } + }); + } + } return {action: "deny"}; }); mainWindow.webContents.session.webRequest.onBeforeRequest((details, callback) => { From 40d743d0e21e2b61659b9497ca4bb0e42b811b63 Mon Sep 17 00:00:00 2001 From: KayoticCarnige <32397453+kckarnige@users.noreply.github.com> Date: Fri, 3 Jun 2022 12:05:28 -0400 Subject: [PATCH 2/2] Fixed "null" bug Fixed "null" bug, where on Windows, Discord wouldn't recognize the OS (Only tested onw Windows 10) --- src/window.ts | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/window.ts b/src/window.ts index 47b0f89..7445fe7 100644 --- a/src/window.ts +++ b/src/window.ts @@ -13,6 +13,7 @@ export var icon: string; export let mainWindow: BrowserWindow; export let inviteWindow: BrowserWindow; let guestWindows: BrowserWindow[] = []; +var osType = os.type() contextMenu({ showSaveImageAs: true, @@ -24,7 +25,12 @@ async function doAfterDefiningTheWindow() { var ignoreProtocolWarning = await getConfig("ignoreProtocolWarning"); checkIfConfigIsBroken(); registerIpc(); - mainWindow.webContents.userAgent = `Mozilla/5.0 (X11; ${os.type()} ${os.arch()}) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36`; //fake useragent for screenshare to work + + // A little sloppy but it works :p + if (osType == 'Windows_NT') { + osType = "Windows " + os.release().split('.')[0] + " (" + os.release() + ")"; + } + mainWindow.webContents.userAgent = `Mozilla/5.0 (X11; ${osType} ${os.arch()}) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36`; //fake useragent for screenshare to work mainWindow.webContents.setWindowOpenHandler(({url}) => { if (url.startsWith("https:" || url.startsWith("http:") || url.startsWith("mailto:"))) { shell.openExternal(url);