ELECTRON-661 (Security fix for pop-outs RCE) (#450)

- Security fix for pop-outs RCE
- Bump Electron version to 2.0.6
Kiran Niranjan 2018-08-03 19:31:54 +05:30 committed by Vishwas Shashidhar
parent e441deeb1d
commit 76b995d064
2 changed files with 199 additions and 184 deletions


@ -371,13 +371,15 @@ function doCreateMainWindow(initialUrl, initialBounds, isCustomTitleBar) {
}); });
// open external links in default browser - a tag with href='_blank' or window.open // open external links in default browser - a tag with href='_blank' or window.open
mainWindow.webContents.on('new-window', handleNewWindow); const enforceInheritance = (topWebContents) => {
const handleNewWindow = (webContents) => {
if (!isDevEnv) { webContents.on('new-window', (event, newWinUrl, frameName, disposition, newWinOptions) => {
mainWindow.webContents.session.setCertificateVerifyProc(handleCertificateTransparencyChecks); if (!newWinOptions.webPreferences) {
// eslint-disable-next-line no-param-reassign
newWinOptions.webPreferences = {};
} }
function handleNewWindow(event, newWinUrl, frameName, disposition, newWinOptions) { Object.assign(newWinOptions.webPreferences, topWebContents);
let newWinParsedUrl = getParsedUrl(newWinUrl); let newWinParsedUrl = getParsedUrl(newWinUrl);
let mainWinParsedUrl = getParsedUrl(url); let mainWinParsedUrl = getParsedUrl(url);
@ -445,18 +447,18 @@ function doCreateMainWindow(initialUrl, initialBounds, isCustomTitleBar) {
newWinOptions.winKey = newWinKey; newWinOptions.winKey = newWinKey;
/* eslint-enable no-param-reassign */ /* eslint-enable no-param-reassign */
let webContents = newWinOptions.webContents; let childWebContents = newWinOptions.webContents;
// Event needed to hide native menu bar // Event needed to hide native menu bar
webContents.once('did-start-loading', () => { childWebContents.once('did-start-loading', () => {
let browserWin = BrowserWindow.fromWebContents(webContents); let browserWin = BrowserWindow.fromWebContents(childWebContents);
if (isWindowsOS && browserWin && !browserWin.isDestroyed()) { if (isWindowsOS && browserWin && !browserWin.isDestroyed()) {
browserWin.setMenuBarVisibility(false); browserWin.setMenuBarVisibility(false);
} }
}); });
webContents.once('did-finish-load', function () { childWebContents.once('did-finish-load', function () {
let browserWin = BrowserWindow.fromWebContents(webContents); let browserWin = BrowserWindow.fromWebContents(childWebContents);
if (browserWin) { if (browserWin) {
log.send(logLevels.INFO, 'loaded pop-out window url: ' + newWinParsedUrl); log.send(logLevels.INFO, 'loaded pop-out window url: ' + newWinParsedUrl);
@ -501,7 +503,9 @@ function doCreateMainWindow(initialUrl, initialBounds, isCustomTitleBar) {
// In case we navigate to an external link from inside a pop-out, // In case we navigate to an external link from inside a pop-out,
// we open that link in an external browser rather than creating // we open that link in an external browser rather than creating
// a new window // a new window
browserWin.webContents.on('new-window', handleNewWindow.bind(this)); if (browserWin.webContents) {
handleNewWindow(browserWin.webContents);
}
addWindowKey(newWinKey, browserWin); addWindowKey(newWinKey, browserWin);
@ -536,7 +540,6 @@ function doCreateMainWindow(initialUrl, initialBounds, isCustomTitleBar) {
}; };
browserWin.on('close', () => { browserWin.on('close', () => {
browserWin.webContents.removeListener('new-window', handleNewWindow);
browserWin.webContents.removeListener('crashed', handleChildWindowCrashEvent); browserWin.webContents.removeListener('crashed', handleChildWindowCrashEvent);
}); });
@ -559,6 +562,18 @@ function doCreateMainWindow(initialUrl, initialBounds, isCustomTitleBar) {
event.preventDefault(); event.preventDefault();
openUrlInDefaultBrowser(newWinUrl); openUrlInDefaultBrowser(newWinUrl);
} }
});
};
handleNewWindow(topWebContents);
};
if (!isDevEnv) {
mainWindow.webContents.session.setCertificateVerifyProc(handleCertificateTransparencyChecks);
}
// enforce main window's webPreferences to child windows
if (mainWindow.webContents) {
enforceInheritance(mainWindow.webContents);
} }
// whenever the main window is navigated for ex: window.location.href or url redirect // whenever the main window is navigated for ex: window.location.href or url redirect
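Review bot: In the first hunk the new listener calls `Object.assign(newWinOptions.webPreferences, topWebContents);`, which merges the WebContents object itself rather than the main window's preferences. The inheritance described by the later comment "enforce main window's webPreferences to child windows" is therefore probably not taking effect, since the parent's settings are unlikely to be own enumerable properties of that object. The merge source should be the preferences, e.g. `Object.assign(newWinOptions.webPreferences, topWebContents.getWebPreferences());`. Separately, `handleNewWindow(browserWin.webContents)` in the `-501` hunk appears to be registered from the pop-out's load callback, so a window the pop-out opens before then would not be covered; hooking `childWebContents` as soon as it is read from `newWinOptions.webContents` would close that gap. `doCreateMainWindow` starts and ends outside the visible hunks, so both points need checking against the full function.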


@ -89,7 +89,7 @@
"bluebird": "3.5.1", "bluebird": "3.5.1",
"browserify": "16.2.2", "browserify": "16.2.2",
"cross-env": "5.2.0", "cross-env": "5.2.0",
"electron": "2.0.4", "electron": "2.0.6",
"electron-builder": "20.16.4", "electron-builder": "20.16.4",
"electron-builder-squirrel-windows": "12.3.0", "electron-builder-squirrel-windows": "12.3.0",
"electron-chromedriver": "2.0.0", "electron-chromedriver": "2.0.0",