mirror of
https://github.com/laurent22/joplin.git
synced 2024-12-24 10:27:10 +02:00
Desktop: Security: Improve Markdown viewer link handling (#11201)
This commit is contained in:
parent
26ae3f853e
commit
1a195e23dd
@ -733,6 +733,13 @@
|
||||
}));
|
||||
|
||||
document.addEventListener('click', webviewLib.logEnabledEventHandler(e => {
|
||||
// Links should all have custom click handlers. Allowing Electron to load custom links
|
||||
// can cause security issues, particularly if these links have the same domain as the
|
||||
// top-level page.
|
||||
if (e.target.hasAttribute('href')) {
|
||||
e.preventDefault();
|
||||
}
|
||||
|
||||
document.querySelectorAll('.media-pdf').forEach(element => {
|
||||
if(!!element.contentWindow){
|
||||
element.contentWindow.postMessage({
|
||||
|
Loading…
Reference in New Issue
Block a user