Skip to content

Commit

Permalink
Update window open handler to accept new allowlisted protocols
Browse files Browse the repository at this point in the history
  • Loading branch information
sergeichestakov committed Mar 15, 2024
1 parent b05c213 commit 9d3682c
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions src/createWindow.ts
Original file line number Diff line number Diff line change
Expand Up @@ -177,8 +177,9 @@ export function createWindow(props?: WindowProps): BrowserWindow {
try {
const u = new URL(details.url);

// Don't open URLs with protocols other than http / https externally since they may open other apps.
if (u.protocol !== 'https:' && u.protocol !== 'http:') {
// Don't open URLs with protocols other than those we explicitly allow otherwise to prevent users
// from opening external apps and running untrusted code that could compromise their machines.
if (!EXTERNAL_PROTOCOLS_ALLOW_LIST.includes(u.protocol)) {
return {
action: 'deny',
};
Expand Down Expand Up @@ -208,14 +209,13 @@ export function createWindow(props?: WindowProps): BrowserWindow {

// Prevent navigation away from Replit or supported pages
if (!isReplit || !isSupportedPage(u.pathname)) {
event.preventDefault();

// Don't open URLs with protocols other than those we explicitly allow otherwise to prevent users
// from opening external apps and running untrusted code that could compromise their machines.
if (!EXTERNAL_PROTOCOLS_ALLOW_LIST.includes(u.protocol)) {
return;
}

event.preventDefault();
shell.openExternal(navigationUrl);
}
});
Expand Down

0 comments on commit 9d3682c

Please sign in to comment.