fix: security: don't allow arbitrary methods to be invoked on webContents via IPC (#15919)

lib/browser/navigation-controller.js

@@ -3,12 +3,20 @@
 const ipcMain = require('@electron/internal/browser/ipc-main-internal')
 
 // The history operation in renderer is redirected to browser.
-ipcMain.on('ELECTRON_NAVIGATION_CONTROLLER', function (event, method, ...args) {
-  event.sender[method](...args)
+ipcMain.on('ELECTRON_NAVIGATION_CONTROLLER_GO_BACK', function (event) {
+  event.sender.goBack()
 })
 
-ipcMain.on('ELECTRON_SYNC_NAVIGATION_CONTROLLER', function (event, method, ...args) {
-  event.returnValue = event.sender[method](...args)
+ipcMain.on('ELECTRON_NAVIGATION_CONTROLLER_GO_FORWARD', function (event) {
+  event.sender.goForward()
+})
+
+ipcMain.on('ELECTRON_NAVIGATION_CONTROLLER_GO_TO_OFFSET', function (event, offset) {
+  event.sender.goToOffset(offset)
+})
+
+ipcMain.on('ELECTRON_NAVIGATION_CONTROLLER_LENGTH', function (event) {
+  event.returnValue = event.sender.length()
 })
 
 // JavaScript implementation of Chromium's NavigationController.