Protocol whitelist (#70)

* allowed protocols

* i forgot javascript actually has includes lol
This commit is contained in:
Animal 2022-10-09 13:55:13 -04:00 committed by GitHub
parent 2105de8ca5
commit e7fb4ebd4e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -11,6 +11,12 @@ const DATA_DIR = join(app.getPath("userData"), "..", "Vencord");
const SETTINGS_DIR = join(DATA_DIR, "settings"); const SETTINGS_DIR = join(DATA_DIR, "settings");
const QUICKCSS_PATH = join(SETTINGS_DIR, "quickCss.css"); const QUICKCSS_PATH = join(SETTINGS_DIR, "quickCss.css");
const SETTINGS_FILE = join(SETTINGS_DIR, "settings.json"); const SETTINGS_FILE = join(SETTINGS_DIR, "settings.json");
const ALLOWED_PROTOCOLS = [
"https:",
"http:",
"steam:",
"spotify:"
];
mkdirSync(SETTINGS_DIR, { recursive: true }); mkdirSync(SETTINGS_DIR, { recursive: true });
@ -37,7 +43,7 @@ ipcMain.handle(IpcEvents.OPEN_EXTERNAL, (_, url) => {
} catch { } catch {
throw "Malformed URL"; throw "Malformed URL";
} }
if (protocol !== "https:" && protocol !== "http:") if (!ALLOWED_PROTOCOLS.includes(protocol))
throw "Disallowed protocol."; throw "Disallowed protocol.";
shell.openExternal(url); shell.openExternal(url);