security: remove openPath, restrict openExternal
Now only allows opening http urls.
This commit is contained in:
parent
71a59f4020
commit
8fe60971f5
@ -88,7 +88,7 @@ export default ErrorBoundary.wrap(function Settings() {
|
||||
Launch Directory
|
||||
</Button>
|
||||
<Button
|
||||
onClick={() => VencordNative.ipc.invoke(IpcEvents.OPEN_PATH, settingsDir, "quickCss.css")}
|
||||
onClick={() => VencordNative.ipc.invoke(IpcEvents.OPEN_QUICKCSS)}
|
||||
size={Button.Sizes.SMALL}
|
||||
disabled={settingsDir === "Loading..."}
|
||||
>
|
||||
|
@ -29,8 +29,19 @@ function readSettings() {
|
||||
// Fix for screensharing in Electron >= 17
|
||||
ipcMain.handle(IpcEvents.GET_DESKTOP_CAPTURE_SOURCES, (_, opts) => desktopCapturer.getSources(opts));
|
||||
|
||||
ipcMain.handle(IpcEvents.OPEN_PATH, (_, ...pathElements) => shell.openPath(join(...pathElements)));
|
||||
ipcMain.handle(IpcEvents.OPEN_EXTERNAL, (_, url) => shell.openExternal(url));
|
||||
ipcMain.handle(IpcEvents.OPEN_QUICKCSS, () => shell.openPath(QUICKCSS_PATH));
|
||||
|
||||
ipcMain.handle(IpcEvents.OPEN_EXTERNAL, (_, url) => {
|
||||
try {
|
||||
var { protocol } = new URL(url);
|
||||
} catch {
|
||||
throw "Malformed URL";
|
||||
}
|
||||
if (protocol !== "https:" && protocol !== "http:")
|
||||
throw "Disallowed protocol.";
|
||||
|
||||
shell.openExternal(url);
|
||||
});
|
||||
|
||||
|
||||
ipcMain.handle(IpcEvents.GET_QUICK_CSS, () => readCss());
|
||||
|
@ -18,7 +18,7 @@ export default strEnum({
|
||||
GET_SETTINGS: "VencordGetSettings",
|
||||
SET_SETTINGS: "VencordSetSettings",
|
||||
OPEN_EXTERNAL: "VencordOpenExternal",
|
||||
OPEN_PATH: "VencordOpenPath",
|
||||
OPEN_QUICKCSS: "VencordOpenQuickCss",
|
||||
GET_UPDATES: "VencordGetUpdates",
|
||||
GET_REPO: "VencordGetRepo",
|
||||
GET_HASHES: "VencordGetHashes",
|
||||
|
Loading…
x
Reference in New Issue
Block a user