diff options
| author | megumin <megumin.bakaretsurie@gmail.com> | 2023-08-04 18:52:20 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-08-04 19:52:20 +0200 |
| commit | d6c43986fd665b60a8a83d41ef907dab22e990e7 (patch) | |
| tree | ff9eda6794ef371568662b389a5e71e32bbbc16c /src/main/index.ts | |
| parent | bb7deeb09cb263d158de0d99e873c3d3f43a73bb (diff) | |
| download | Vencord-d6c43986fd665b60a8a83d41ef907dab22e990e7.tar.gz Vencord-d6c43986fd665b60a8a83d41ef907dab22e990e7.tar.bz2 Vencord-d6c43986fd665b60a8a83d41ef907dab22e990e7.zip | |
Add proper user-friendly theme manager (#635)
Co-authored-by: Justice Almanzar <superdash993@gmail.com>
Co-authored-by: Nuckyz <61953774+Nuckyz@users.noreply.github.com>
Co-authored-by: V <vendicated@riseup.net>
Diffstat (limited to 'src/main/index.ts')
| -rw-r--r-- | src/main/index.ts | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/src/main/index.ts b/src/main/index.ts index cb723bb..a8b9429 100644 --- a/src/main/index.ts +++ b/src/main/index.ts @@ -19,8 +19,8 @@ import { app, protocol, session } from "electron"; import { join } from "path"; -import { getSettings } from "./ipcMain"; -import { IS_VANILLA } from "./utils/constants"; +import { ensureSafePath, getSettings } from "./ipcMain"; +import { IS_VANILLA, THEMES_DIR } from "./utils/constants"; import { installExt } from "./utils/extensions"; if (IS_VENCORD_DESKTOP || !IS_VANILLA) { @@ -30,6 +30,16 @@ if (IS_VENCORD_DESKTOP || !IS_VANILLA) { protocol.registerFileProtocol("vencord", ({ url: unsafeUrl }, cb) => { let url = unsafeUrl.slice("vencord://".length); if (url.endsWith("/")) url = url.slice(0, -1); + if (url.startsWith("/themes/")) { + const theme = url.slice("/themes/".length); + const safeUrl = ensureSafePath(THEMES_DIR, theme); + if (!safeUrl) { + cb({ statusCode: 403 }); + return; + } + cb(safeUrl.replace(/\?v=\d+$/, "")); + return; + } switch (url) { case "renderer.js.map": case "vencordDesktopRenderer.js.map": @@ -75,7 +85,7 @@ if (IS_VENCORD_DESKTOP || !IS_VANILLA) { const csp = parsePolicy(headers[header][0]); for (const directive of ["style-src", "connect-src", "img-src", "font-src", "media-src", "worker-src"]) { - csp[directive] = ["*", "blob:", "data:", "'unsafe-inline'"]; + csp[directive] = ["*", "blob:", "data:", "vencord:", "'unsafe-inline'"]; } // TODO: Restrict this to only imported packages with fixed version. // Perhaps auto generate with esbuild |