security: remove openPath, restrict openExternal
Now only allows opening http urls.
This commit is contained in:
parent
71a59f4020
commit
8fe60971f5
3 changed files with 15 additions and 4 deletions
|
@ -88,7 +88,7 @@ export default ErrorBoundary.wrap(function Settings() {
|
||||||
Launch Directory
|
Launch Directory
|
||||||
</Button>
|
</Button>
|
||||||
<Button
|
<Button
|
||||||
onClick={() => VencordNative.ipc.invoke(IpcEvents.OPEN_PATH, settingsDir, "quickCss.css")}
|
onClick={() => VencordNative.ipc.invoke(IpcEvents.OPEN_QUICKCSS)}
|
||||||
size={Button.Sizes.SMALL}
|
size={Button.Sizes.SMALL}
|
||||||
disabled={settingsDir === "Loading..."}
|
disabled={settingsDir === "Loading..."}
|
||||||
>
|
>
|
||||||
|
|
|
@ -29,8 +29,19 @@ function readSettings() {
|
||||||
// Fix for screensharing in Electron >= 17
|
// Fix for screensharing in Electron >= 17
|
||||||
ipcMain.handle(IpcEvents.GET_DESKTOP_CAPTURE_SOURCES, (_, opts) => desktopCapturer.getSources(opts));
|
ipcMain.handle(IpcEvents.GET_DESKTOP_CAPTURE_SOURCES, (_, opts) => desktopCapturer.getSources(opts));
|
||||||
|
|
||||||
ipcMain.handle(IpcEvents.OPEN_PATH, (_, ...pathElements) => shell.openPath(join(...pathElements)));
|
ipcMain.handle(IpcEvents.OPEN_QUICKCSS, () => shell.openPath(QUICKCSS_PATH));
|
||||||
ipcMain.handle(IpcEvents.OPEN_EXTERNAL, (_, url) => shell.openExternal(url));
|
|
||||||
|
ipcMain.handle(IpcEvents.OPEN_EXTERNAL, (_, url) => {
|
||||||
|
try {
|
||||||
|
var { protocol } = new URL(url);
|
||||||
|
} catch {
|
||||||
|
throw "Malformed URL";
|
||||||
|
}
|
||||||
|
if (protocol !== "https:" && protocol !== "http:")
|
||||||
|
throw "Disallowed protocol.";
|
||||||
|
|
||||||
|
shell.openExternal(url);
|
||||||
|
});
|
||||||
|
|
||||||
|
|
||||||
ipcMain.handle(IpcEvents.GET_QUICK_CSS, () => readCss());
|
ipcMain.handle(IpcEvents.GET_QUICK_CSS, () => readCss());
|
||||||
|
|
|
@ -18,7 +18,7 @@ export default strEnum({
|
||||||
GET_SETTINGS: "VencordGetSettings",
|
GET_SETTINGS: "VencordGetSettings",
|
||||||
SET_SETTINGS: "VencordSetSettings",
|
SET_SETTINGS: "VencordSetSettings",
|
||||||
OPEN_EXTERNAL: "VencordOpenExternal",
|
OPEN_EXTERNAL: "VencordOpenExternal",
|
||||||
OPEN_PATH: "VencordOpenPath",
|
OPEN_QUICKCSS: "VencordOpenQuickCss",
|
||||||
GET_UPDATES: "VencordGetUpdates",
|
GET_UPDATES: "VencordGetUpdates",
|
||||||
GET_REPO: "VencordGetRepo",
|
GET_REPO: "VencordGetRepo",
|
||||||
GET_HASHES: "VencordGetHashes",
|
GET_HASHES: "VencordGetHashes",
|
||||||
|
|
Loading…
Reference in a new issue