Fascinated/Vencord
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Protocol whitelist (#70)

Browse Source 
* allowed protocols

* i forgot javascript actually has includes lol
This commit is contained in:
Animal 2022-10-09 13:55:13 -04:00 committed by GitHub
parent 2105de8ca5
commit e7fb4ebd4e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/ipcMain/index.ts
View File

@ -11,6 +11,12 @@ const DATA_DIR = join(app.getPath("userData"), "..", "Vencord");
const SETTINGS_DIR = join(DATA_DIR, "settings"); const SETTINGS_DIR = join(DATA_DIR, "settings");
const QUICKCSS_PATH = join(SETTINGS_DIR, "quickCss.css"); const QUICKCSS_PATH = join(SETTINGS_DIR, "quickCss.css");
const SETTINGS_FILE = join(SETTINGS_DIR, "settings.json"); const SETTINGS_FILE = join(SETTINGS_DIR, "settings.json");
const ALLOWED_PROTOCOLS = [
"https:",
"http:",
"steam:",
"spotify:"
];
mkdirSync(SETTINGS_DIR, { recursive: true }); mkdirSync(SETTINGS_DIR, { recursive: true });
@ -37,7 +43,7 @@ ipcMain.handle(IpcEvents.OPEN_EXTERNAL, (_, url) => {
} catch { } catch {
throw "Malformed URL"; throw "Malformed URL";
} }
if (protocol !== "https:" && protocol !== "http:") if (!ALLOWED_PROTOCOLS.includes(protocol))
throw "Disallowed protocol."; throw "Disallowed protocol.";
shell.openExternal(url); shell.openExternal(url);