aboutsummaryrefslogtreecommitdiff
path: root/src/ipcMain/index.ts
diff options
context:
space:
mode:
authorAnimal <24845294+ItzOnlyAnimal@users.noreply.github.com>2022-10-09 13:55:13 -0400
committerGitHub <noreply@github.com>2022-10-09 19:55:13 +0200
commite7fb4ebd4eac99ca7b937c954d3b052f68627c57 (patch)
treec4499b1528e8839770e9fc6204824063bfe036b8 /src/ipcMain/index.ts
parent2105de8ca54b17a852a86efa476a4e575042b5a6 (diff)
downloadVencord-e7fb4ebd4eac99ca7b937c954d3b052f68627c57.tar.gz
Vencord-e7fb4ebd4eac99ca7b937c954d3b052f68627c57.tar.bz2
Vencord-e7fb4ebd4eac99ca7b937c954d3b052f68627c57.zip
Protocol whitelist (#70)
* allowed protocols * i forgot javascript actually has includes lol
Diffstat (limited to 'src/ipcMain/index.ts')
-rw-r--r--src/ipcMain/index.ts8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/ipcMain/index.ts b/src/ipcMain/index.ts
index 61b631e..63844e0 100644
--- a/src/ipcMain/index.ts
+++ b/src/ipcMain/index.ts
@@ -11,6 +11,12 @@ const DATA_DIR = join(app.getPath("userData"), "..", "Vencord");
const SETTINGS_DIR = join(DATA_DIR, "settings");
const QUICKCSS_PATH = join(SETTINGS_DIR, "quickCss.css");
const SETTINGS_FILE = join(SETTINGS_DIR, "settings.json");
+const ALLOWED_PROTOCOLS = [
+ "https:",
+ "http:",
+ "steam:",
+ "spotify:"
+];
mkdirSync(SETTINGS_DIR, { recursive: true });
@@ -37,7 +43,7 @@ ipcMain.handle(IpcEvents.OPEN_EXTERNAL, (_, url) => {
} catch {
throw "Malformed URL";
}
- if (protocol !== "https:" && protocol !== "http:")
+ if (!ALLOWED_PROTOCOLS.includes(protocol))
throw "Disallowed protocol.";
shell.openExternal(url);