self-hosted/joplin
1
0
Fork 0
mirror of https://github.com/laurent22/joplin.git synced 2025-11-26 22:41:17 +02:00
Code Issues Releases Activity

Desktop: Security: Improve Markdown viewer link handling (#11201)

Browse Source
This commit is contained in:
Henry Heino
2024-10-14 09:51:28 -07:00
committed by GitHub
parent 26ae3f853e
commit 1a195e23dd
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
packages/app-desktop/gui/note-viewer/index.html
View File

@@ -733,6 +733,13 @@
})); }));
document.addEventListener('click', webviewLib.logEnabledEventHandler(e => { document.addEventListener('click', webviewLib.logEnabledEventHandler(e => {
// Links should all have custom click handlers. Allowing Electron to load custom links
// can cause security issues, particularly if these links have the same domain as the
// top-level page.
if (e.target.hasAttribute('href')) {
e.preventDefault();
}
document.querySelectorAll('.media-pdf').forEach(element => { document.querySelectorAll('.media-pdf').forEach(element => {
if(!!element.contentWindow){ if(!!element.contentWindow){
element.contentWindow.postMessage({ element.contentWindow.postMessage({