From e7fb4ebd4eac99ca7b937c954d3b052f68627c57 Mon Sep 17 00:00:00 2001 From: Animal <24845294+ItzOnlyAnimal@users.noreply.github.com> Date: Sun, 9 Oct 2022 13:55:13 -0400 Subject: Protocol whitelist (#70) * allowed protocols * i forgot javascript actually has includes lol --- src/ipcMain/index.ts | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/ipcMain/index.ts b/src/ipcMain/index.ts index 61b631e..63844e0 100644 --- a/src/ipcMain/index.ts +++ b/src/ipcMain/index.ts @@ -11,6 +11,12 @@ const DATA_DIR = join(app.getPath("userData"), "..", "Vencord"); const SETTINGS_DIR = join(DATA_DIR, "settings"); const QUICKCSS_PATH = join(SETTINGS_DIR, "quickCss.css"); const SETTINGS_FILE = join(SETTINGS_DIR, "settings.json"); +const ALLOWED_PROTOCOLS = [ + "https:", + "http:", + "steam:", + "spotify:" +]; mkdirSync(SETTINGS_DIR, { recursive: true }); @@ -37,7 +43,7 @@ ipcMain.handle(IpcEvents.OPEN_EXTERNAL, (_, url) => { } catch { throw "Malformed URL"; } - if (protocol !== "https:" && protocol !== "http:") + if (!ALLOWED_PROTOCOLS.includes(protocol)) throw "Disallowed protocol."; shell.openExternal(url); -- cgit