fix: don't forward IPC filtering events to app for dev-tools and extensions (#16565)
This commit is contained in:
parent
56c6a51cd2
commit
dfcee48f81
1 changed files with 14 additions and 1 deletions
|
@ -365,6 +365,17 @@ const addReturnValueToEvent = (event) => {
|
|||
})
|
||||
}
|
||||
|
||||
const safeProtocols = new Set([
|
||||
'chrome-devtools:',
|
||||
'chrome-extension:'
|
||||
])
|
||||
|
||||
const isWebContentsTrusted = function (contents) {
|
||||
const pageURL = contents._getURL()
|
||||
const { protocol } = url.parse(pageURL)
|
||||
return safeProtocols.has(protocol)
|
||||
}
|
||||
|
||||
// Add JavaScript wrappers for WebContents class.
|
||||
WebContents.prototype._init = function () {
|
||||
// The navigation controller.
|
||||
|
@ -425,7 +436,9 @@ WebContents.prototype._init = function () {
|
|||
|
||||
for (const eventName of forwardedEvents) {
|
||||
this.on(eventName, (event, ...args) => {
|
||||
app.emit(eventName, event, this, ...args)
|
||||
if (!isWebContentsTrusted(event.sender)) {
|
||||
app.emit(eventName, event, this, ...args)
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue