github/electron
1
1
Fork 0
mirror of https://github.com/electron/electron.git synced 2026-05-02 03:00:22 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
38-x-y
electron/spec
History
trop[bot] fbc489c43b fix: validate protocol scheme names in setAsDefaultProtocolClient (#50157) 
fix: validate protocol scheme names in setAsDefaultProtocolClient

On Windows, `app.setAsDefaultProtocolClient(protocol)` directly
concatenates the protocol string into the registry key path with no
validation. A protocol name containing `\` could write to an arbitrary
subkey under `HKCU\Software\Classes\`, potentially hijacking existing
protocol handlers.

To fix this, add `Browser::IsValidProtocolScheme()` which validates that a protocol
name conforms to the RFC 3986 scheme grammar:

  scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )

This rejects backslashes, forward slashes, whitespace, and any other
characters not permitted in URI schemes.

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
2026-03-10 07:28:57 -04:00
..
fixtures
build: update to yarn v4 (#48995)
2025-11-20 10:13:44 -05:00
lib
test: test menu rendering accelerators (#44634)
2025-05-06 14:09:35 -04:00
ts-smoke
test: add TS smoke test for electron/utility (#47976)
2025-08-06 14:47:42 +02:00
.eslintrc.json
build: drop eslint-plugin-unicorn (#47686)
2025-07-08 18:18:37 +02:00
.gitignore
feat: add error event for utility process (#43774)
2024-09-27 10:17:06 +09:00
ambient.d.ts
test: fixup test failures on linux (#49068)
2025-11-25 20:49:33 +01:00
api-app-spec.ts
fix: validate protocol scheme names in setAsDefaultProtocolClient (#50157)
2026-03-10 07:28:57 -04:00
api-auto-updater-spec.ts
build: add import/order eslint rule (#44085)
2024-10-02 19:10:44 -07:00
api-autoupdater-darwin-spec.ts
fix: Squirrel.Mac crash when zip extraction fails (#47271)
2025-05-29 10:31:46 -07:00
api-browser-view-spec.ts
fix: BrowserWindow add the same BrowserView (#48201)
2025-09-02 16:56:04 -04:00
api-browser-window-spec.ts
fix: systemPreferences.getAccentColor inverted color (#49066)
2025-11-25 15:47:09 -06:00
api-clipboard-spec.ts
build: add import/order eslint rule (#44085)
2024-10-02 19:10:44 -07:00
api-content-tracing-spec.ts
chore: disable flaky content tracing tests on Linux (#45612)
2025-02-14 10:18:42 +01:00
api-context-bridge-spec.ts
build: update to yarn v4 (#48995)
2025-11-20 10:13:44 -05:00
api-corner-smoothing-spec.ts
fix: corner smoothing feature gate crash (#47785)
2025-07-16 12:15:53 -07:00
api-crash-reporter-spec.ts
build: add import/order eslint rule (#44085)
2024-10-02 19:10:44 -07:00
api-debugger-spec.ts
test: run script to help target discovery and reduce flakes (#44741)
2024-11-20 08:55:09 -06:00
api-desktop-capturer-spec.ts
chore: bump chromium to 139.0.7219.0 (main) (#47348)
2025-06-16 12:46:06 -05:00
api-dialog-spec.ts
build: add import/order eslint rule (#44085)
2024-10-02 19:10:44 -07:00
api-global-shortcut-spec.ts
test: test menu rendering accelerators (#44634)
2025-05-06 14:09:35 -04:00
api-image-view-spec.ts
docs: add documentation for ImageView (#46760)
2025-05-29 10:24:16 -07:00
api-in-app-purchase-spec.ts
build: add import/order eslint rule (#44085)
2024-10-02 19:10:44 -07:00
api-ipc-main-spec.ts
docs: Make ipcRenderer and ipcMain listener API docs consistent (#44651)
2024-11-18 14:44:30 -08:00
api-ipc-renderer-spec.ts
docs: Make ipcRenderer and ipcMain listener API docs consistent (#44651)
2024-11-18 14:44:30 -08:00
api-ipc-spec.ts
build: update to yarn v4 (#48995)
2025-11-20 10:13:44 -05:00
api-media-handler-spec.ts
fix: crash on getUserMedia with invalid chromeMediaSourceId (#45733)
2025-02-21 10:17:52 -06:00
api-menu-item-spec.ts
fix: stop menu minimization if set false (#46279)
2025-04-22 10:58:30 +02:00
api-menu-spec.ts
test: test menu rendering accelerators (#44634)
2025-05-06 14:09:35 -04:00
api-native-image-spec.ts
chore: bump chromium to 139.0.7256.0 (38-x-y) (#47615)
2025-06-30 12:29:54 -04:00
api-native-theme-spec.ts
feat: expose nativeTheme.shouldUseDarkColorsForSystemIntegratedUI (#46438)
2025-04-10 12:08:29 +02:00
api-net-custom-protocols-spec.ts
build: add import/order eslint rule (#44085)
2024-10-02 19:10:44 -07:00
api-net-log-spec.ts
build: add import/order eslint rule (#44085)
2024-10-02 19:10:44 -07:00
api-net-session-spec.ts
build: add import/order eslint rule (#44085)
2024-10-02 19:10:44 -07:00
api-net-spec.ts
feat: [net] add "priority" option to net.request (#42628)
2025-05-30 15:28:13 -04:00
api-notification-dbus-spec.ts
test: fixup test failures on linux (#49068)
2025-11-25 20:49:33 +01:00
api-notification-spec.ts
build: add import/order eslint rule (#44085)
2024-10-02 19:10:44 -07:00
api-power-monitor-spec.ts
test: fixup test failures on linux (#49068)
2025-11-25 20:49:33 +01:00
api-power-save-blocker-spec.ts
build: add import/order eslint rule (#44085)
2024-10-02 19:10:44 -07:00
api-process-spec.ts
refactor: eliminate duplicate code in spec/api-process-spec.ts (#45927)
2025-03-09 17:37:14 -05:00
api-protocol-spec.ts
feat: add bypassCustomProtocolHandlers option to net.request (#48881)
2025-11-13 10:34:11 -05:00
api-safe-storage-spec.ts
build: add import/order eslint rule (#44085)
2024-10-02 19:10:44 -07:00
api-screen-spec.ts
build: add import/order eslint rule (#44085)
2024-10-02 19:10:44 -07:00
api-service-worker-main-spec.ts
feat: ServiceWorkerMain.scriptURL (#45863)
2025-03-14 21:00:13 -04:00
api-service-workers-spec.ts
feat: service worker preload scripts for improved extensions support (#44411)
2025-01-31 09:32:45 -05:00
api-session-spec.ts
fix: webContents.downloadURL() did not support referer header (#47867)
2025-07-23 16:45:45 +02:00
api-shell-spec.ts
fix: unexpected openExternal dialog on macOS Tahoe (#48517)
2025-10-13 10:13:53 +02:00
api-subframe-spec.ts
chore: bump chromium to 140.0.7281.0 (38-x-y) (#47559)
2025-07-15 12:05:29 -04:00
api-system-preferences-spec.ts
chore: remove deprecated systemPreferences.isAeroGlassEnabled() (#45563)
2025-02-18 18:59:00 -06:00
api-touch-bar-spec.ts
build: add import/order eslint rule (#44085)
2024-10-02 19:10:44 -07:00
api-tray-spec.ts
feat: allow macOS tray to maintain position (#48077)
2025-08-20 13:03:54 -04:00
api-utility-process-spec.ts
fix: importing from electron/utility in ESM (#48019)
2025-08-11 09:42:56 +02:00
api-view-spec.ts
feat: view.getVisible() (#44999)
2025-01-31 13:27:16 -05:00
api-web-contents-spec.ts
test: fixup test failures on linux (#49068)
2025-11-25 20:49:33 +01:00
api-web-contents-view-spec.ts
fix: crash on window.close() with webContents on blur (#47952)
2025-08-04 14:28:35 +02:00
api-web-frame-main-spec.ts
feat: webFrameMain.fromFrameToken (#47942)
2025-08-06 19:39:56 +02:00
api-web-frame-spec.ts
chore: bump chromium to 140.0.7281.0 (38-x-y) (#47559)
2025-07-15 12:05:29 -04:00
api-web-request-spec.ts
feat: add excludeUrls and modify urls in WebRequestFilter for better URL filtering (#44692)
2025-02-17 12:40:47 -08:00
api-web-utils-spec.ts
build: add import/order eslint rule (#44085)
2024-10-02 19:10:44 -07:00
asar-integrity-spec.ts
build: add import/order eslint rule (#44085)
2024-10-02 19:10:44 -07:00
asar-spec.ts
chore: cleanup following internal switch to readPackageJSON (#44644)
2024-11-15 11:36:18 -05:00
autofill-spec.ts
build: add import/order eslint rule (#44085)
2024-10-02 19:10:44 -07:00
chromium-spec.ts
fix: read nodeIntegrationInWorker from per-frame WebPreferences (#50163)
2026-03-09 22:02:19 -07:00
crash-spec.ts
fix: oob string read when parsing node_options (#46210)
2025-03-25 19:33:10 +09:00
deprecate-spec.ts
build: add import/order eslint rule (#44085)
2024-10-02 19:10:44 -07:00
disabled-tests.json
chore: disable tests that require nut.js (#42006)
2024-04-30 21:13:38 -04:00
esm-spec.ts
feat: dynamic ESM import in preload without context isolation (#48489)
2025-10-21 07:28:25 +02:00
extensions-spec.ts
chore: bump chromium to 140.0.7301.0 (38-x-y) (#47849)
2025-07-21 11:55:08 -07:00
fuses-spec.ts
build: add import/order eslint rule (#44085)
2024-10-02 19:10:44 -07:00
get-files.ts
chore: remove walkdir dev dependency (#42591)
2024-06-21 10:31:10 -04:00
guest-window-manager-spec.ts
fix: offscreen mode under window.open creation (#48026)
2025-08-10 21:55:40 +02:00
index.js
build: use github actions for windows (#44136)
2024-12-12 11:51:24 -05:00
logging-spec.ts
fix: prevent log files being written to current directory on Windows (#44413)
2025-05-02 16:27:29 -05:00
modules-spec.ts
fix: importing from electron/utility in ESM (#48019)
2025-08-11 09:42:56 +02:00
node-spec.ts
fix: assert.ok in the renderer process (#46528)
2025-04-08 07:09:54 -05:00
package.json
test: remove split dependency (#49556)
2026-01-28 11:49:51 -08:00
parse-features-string-spec.ts
build: add import/order eslint rule (#44085)
2024-10-02 19:10:44 -07:00
pipe-transport.ts
test: drop now-empty remote runner (#35343)
2022-08-16 15:23:13 -04:00
process-binding-spec.ts
build: add import/order eslint rule (#44085)
2024-10-02 19:10:44 -07:00
release-notes-spec.ts
build: drop dugite as a dependency (#49207)
2025-12-16 15:56:45 -05:00
security-warnings-spec.ts
feat: expose frame & move properties to console-message event object (#43617)
2024-10-18 16:07:06 -04:00
spellchecker-spec.ts
test: fixup test failures on linux (#49068)
2025-11-25 20:49:33 +01:00
types-spec.ts
chore: update node types version (#36924)
2023-01-18 14:46:27 +01:00
version-bump-spec.ts
build: drop dugite as a dependency (#49207)
2025-12-16 15:56:45 -05:00
visibility-state-spec.ts
build: use github actions for windows (#44136)
2024-12-12 11:51:24 -05:00
webview-spec.ts
fix: crash when renderer process crashes while webview is reloading (#46735)
2025-04-25 10:10:27 +02:00