fix: don't forward IPC filtering events to app for dev-tools and extensions (#16565)

This commit is contained in:
Milan Burda 2019-01-30 17:20:03 +01:00 committed by Shelley Vohr
parent 56c6a51cd2
commit dfcee48f81

View file

@ -365,6 +365,17 @@ const addReturnValueToEvent = (event) => {
}) })
} }
const safeProtocols = new Set([
'chrome-devtools:',
'chrome-extension:'
])
const isWebContentsTrusted = function (contents) {
const pageURL = contents._getURL()
const { protocol } = url.parse(pageURL)
return safeProtocols.has(protocol)
}
// Add JavaScript wrappers for WebContents class. // Add JavaScript wrappers for WebContents class.
WebContents.prototype._init = function () { WebContents.prototype._init = function () {
// The navigation controller. // The navigation controller.
@ -425,7 +436,9 @@ WebContents.prototype._init = function () {
for (const eventName of forwardedEvents) { for (const eventName of forwardedEvents) {
this.on(eventName, (event, ...args) => { this.on(eventName, (event, ...args) => {
if (!isWebContentsTrusted(event.sender)) {
app.emit(eventName, event, this, ...args) app.emit(eventName, event, this, ...args)
}
}) })
} }