self-hosted/joplin
1
0
Fork 0
mirror of https://github.com/laurent22/joplin.git synced 2024-12-30 10:36:35 +02:00
Code Issues Releases Activity

Desktop: Security: Close root electron window before unload: Prevent top-level redirection (#8478)

Browse Source
This commit is contained in:
Henry Heino 2023-07-17 04:13:01 -07:00 committed by GitHub
parent 2f8275be8c
commit 4d7399973e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
packages/app-desktop/main-html.js
View File

@ -30,6 +30,13 @@ const { FileApiDriverLocal } = require('@joplin/lib/file-api-driver-local');
const React = require('react');
const nodeSqlite = require('sqlite3');
// Security: If we attempt to navigate away from the root HTML page, it's likely because
// of an improperly sanitized link. Prevent this by closing the window before we can
// navigate away.
window.onbeforeunload = () => {
window.close();
};
if (bridge().env() === 'dev') {
const newConsole = function(oldConsole) {
const output = {};