fix: don't forward IPC filtering events to app for dev-tools and extensions (#16716)

trop[bot]
2019-02-08 15:35:18 -08:00
committed by Samuel Attard
parent 064f198162
commit fae52d8e4a


@@ -321,6 +321,17 @@ WebContents.prototype.findInPage = function (text, options = {}) {
return this._findInPage(text, options)
}
const safeProtocols = new Set([
'chrome-devtools:',
'chrome-extension:'
])
const isWebContentsTrusted = function (contents) {
const pageURL = contents._getURL()
const { protocol } = url.parse(pageURL)
return safeProtocols.has(protocol)
}
// Add JavaScript wrappers for WebContents class.
WebContents.prototype._init = function () {
// The navigation controller.
@@ -380,7 +391,9 @@ WebContents.prototype._init = function () {
for (const eventName of forwardedEvents) {
this.on(eventName, (event, ...args) => {
app.emit(eventName, event, this, ...args)
if (!isWebContentsTrusted(event.sender)) {
app.emit(eventName, event, this, ...args)
}
})
}
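Review bot: The new `isWebContentsTrusted` helper and the guard around `app.emit` in `_init` have no comment explaining what "trusted" means, and the name reads as a general trust decision when it is only a scheme check on the URL returned by `_getURL()`. For a `chrome-devtools:` or `chrome-extension:` page, the forwarded events never reach `app`, so any app-level handler used to filter them will not run for those contents. I would state that above the helper, e.g. `// DevTools and extension pages are exempt from app-level filtering: their events are not forwarded to 'app', so app handlers never see or veto them.` The listener is registered on `this` but the check reads `event.sender`; if those are always the same object here (not visible in this hunk), `isWebContentsTrusted(this)` would make that explicit. The body of `_init` continues outside the hunk.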