fix: don't forward IPC filtering events to app for dev-tools and extensions (#16565)
This commit is contained in:
parent
56c6a51cd2
commit
dfcee48f81
1 changed files with 14 additions and 1 deletions
|
@ -365,6 +365,17 @@ const addReturnValueToEvent = (event) => {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const safeProtocols = new Set([
|
||||||
|
'chrome-devtools:',
|
||||||
|
'chrome-extension:'
|
||||||
|
])
|
||||||
|
|
||||||
|
const isWebContentsTrusted = function (contents) {
|
||||||
|
const pageURL = contents._getURL()
|
||||||
|
const { protocol } = url.parse(pageURL)
|
||||||
|
return safeProtocols.has(protocol)
|
||||||
|
}
|
||||||
|
|
||||||
// Add JavaScript wrappers for WebContents class.
|
// Add JavaScript wrappers for WebContents class.
|
||||||
WebContents.prototype._init = function () {
|
WebContents.prototype._init = function () {
|
||||||
// The navigation controller.
|
// The navigation controller.
|
||||||
|
@ -425,7 +436,9 @@ WebContents.prototype._init = function () {
|
||||||
|
|
||||||
for (const eventName of forwardedEvents) {
|
for (const eventName of forwardedEvents) {
|
||||||
this.on(eventName, (event, ...args) => {
|
this.on(eventName, (event, ...args) => {
|
||||||
|
if (!isWebContentsTrusted(event.sender)) {
|
||||||
app.emit(eventName, event, this, ...args)
|
app.emit(eventName, event, this, ...args)
|
||||||
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue