diff options
| author | Animal <24845294+ItzOnlyAnimal@users.noreply.github.com> | 2022-10-09 13:55:13 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-10-09 19:55:13 +0200 |
| commit | e7fb4ebd4eac99ca7b937c954d3b052f68627c57 (patch) | |
| tree | c4499b1528e8839770e9fc6204824063bfe036b8 /src | |
| parent | 2105de8ca54b17a852a86efa476a4e575042b5a6 (diff) | |
| download | Vencord-e7fb4ebd4eac99ca7b937c954d3b052f68627c57.tar.gz Vencord-e7fb4ebd4eac99ca7b937c954d3b052f68627c57.tar.bz2 Vencord-e7fb4ebd4eac99ca7b937c954d3b052f68627c57.zip | |
Protocol whitelist (#70)
* allowed protocols
* i forgot javascript actually has includes lol
Diffstat (limited to 'src')
| -rw-r--r-- | src/ipcMain/index.ts | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/ipcMain/index.ts b/src/ipcMain/index.ts index 61b631e..63844e0 100644 --- a/src/ipcMain/index.ts +++ b/src/ipcMain/index.ts @@ -11,6 +11,12 @@ const DATA_DIR = join(app.getPath("userData"), "..", "Vencord"); const SETTINGS_DIR = join(DATA_DIR, "settings"); const QUICKCSS_PATH = join(SETTINGS_DIR, "quickCss.css"); const SETTINGS_FILE = join(SETTINGS_DIR, "settings.json"); +const ALLOWED_PROTOCOLS = [ + "https:", + "http:", + "steam:", + "spotify:" +]; mkdirSync(SETTINGS_DIR, { recursive: true }); @@ -37,7 +43,7 @@ ipcMain.handle(IpcEvents.OPEN_EXTERNAL, (_, url) => { } catch { throw "Malformed URL"; } - if (protocol !== "https:" && protocol !== "http:") + if (!ALLOWED_PROTOCOLS.includes(protocol)) throw "Disallowed protocol."; shell.openExternal(url); |