fix(desktop): validate URL scheme in open-external IPC handler

CREDO23 2026-03-18 20:58:49 +02:00
parent 572e7999b2
commit 3b19b54b2b


@ -38,7 +38,7 @@ let deepLinkUrl: string | null = null;
let serverPort: number = 3000; // overwritten at startup with a free port
const PROTOCOL = 'surfsense';
// Injected at compile time from .env.desktop via esbuild define
// Injected at compile time from .env via esbuild define
const HOSTED_FRONTEND_URL = process.env.HOSTED_FRONTEND_URL as string;
function getStandalonePath(): string {
@ -145,7 +145,14 @@ function createWindow() {
// IPC handlers
ipcMain.on('open-external', (_event, url: string) => {
shell.openExternal(url);
try {
const parsed = new URL(url);
if (parsed.protocol === 'http:' || parsed.protocol === 'https:') {
shell.openExternal(url);
}
} catch {
// invalid URL — ignore
}
});
ipcMain.handle('get-app-version', () => {
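Review bot: The `shell.openExternal(url)` call inside the new scheme check returns a promise, so a rejection escapes the surrounding `try`/`catch` and surfaces as an unhandled rejection in the main process. It also opens the raw `url` argument rather than the value that was parsed and checked; passing the normalized form keeps the validated string and the opened string identical: `shell.openExternal(parsed.href).catch((err) => console.warn('open-external failed', err));`. Because `url: string` is only a compile-time annotation on data sent by the renderer, a `typeof url !== 'string'` guard before `new URL(url)` would make the contract explicit. Logging the rejected protocol instead of dropping it silently would also leave a trace when a renderer requests a non-web scheme. The `open-external` handler is fully visible in this hunk; the `get-app-version` handler continues past it.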