Protocol whitelist (#70)
* allowed protocols * i forgot javascript actually has includes lol
This commit is contained in:
parent
2105de8ca5
commit
e7fb4ebd4e
@ -11,6 +11,12 @@ const DATA_DIR = join(app.getPath("userData"), "..", "Vencord");
|
|||||||
const SETTINGS_DIR = join(DATA_DIR, "settings");
|
const SETTINGS_DIR = join(DATA_DIR, "settings");
|
||||||
const QUICKCSS_PATH = join(SETTINGS_DIR, "quickCss.css");
|
const QUICKCSS_PATH = join(SETTINGS_DIR, "quickCss.css");
|
||||||
const SETTINGS_FILE = join(SETTINGS_DIR, "settings.json");
|
const SETTINGS_FILE = join(SETTINGS_DIR, "settings.json");
|
||||||
|
const ALLOWED_PROTOCOLS = [
|
||||||
|
"https:",
|
||||||
|
"http:",
|
||||||
|
"steam:",
|
||||||
|
"spotify:"
|
||||||
|
];
|
||||||
|
|
||||||
mkdirSync(SETTINGS_DIR, { recursive: true });
|
mkdirSync(SETTINGS_DIR, { recursive: true });
|
||||||
|
|
||||||
@ -37,7 +43,7 @@ ipcMain.handle(IpcEvents.OPEN_EXTERNAL, (_, url) => {
|
|||||||
} catch {
|
} catch {
|
||||||
throw "Malformed URL";
|
throw "Malformed URL";
|
||||||
}
|
}
|
||||||
if (protocol !== "https:" && protocol !== "http:")
|
if (!ALLOWED_PROTOCOLS.includes(protocol))
|
||||||
throw "Disallowed protocol.";
|
throw "Disallowed protocol.";
|
||||||
|
|
||||||
shell.openExternal(url);
|
shell.openExternal(url);
|
||||||
|
Loading…
Reference in New Issue
Block a user