phlux/mattermostest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[MM 19369] Add controlled support for popup windows. (#1065)

Browse Source 
* Allow all navigation for trusted popup windows

* slight cleanup

* change log type

* add log of blocked popup windows

* remove allways on top

* additional logging
This commit is contained in:
Dean Whillier
2019-10-15 14:48:22 -04:00
committed by GitHub
parent 31f68b975c
commit ef9ad68f05
1 changed files with 39 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
src/main.js
View File

@@ -10,6 +10,7 @@ import {URL} from 'url';
import electron from 'electron'; import electron from 'electron';
import isDev from 'electron-is-dev'; import isDev from 'electron-is-dev';
import installExtension, {REACT_DEVELOPER_TOOLS} from 'electron-devtools-installer'; import installExtension, {REACT_DEVELOPER_TOOLS} from 'electron-devtools-installer';
import log from 'electron-log';
import {protocols} from '../electron-builder.json'; import {protocols} from '../electron-builder.json';
@@ -44,6 +45,7 @@ const {
dialog, dialog,
systemPreferences, systemPreferences,
session, session,
BrowserWindow,
} = electron; } = electron;
const criticalErrorHandler = new CriticalErrorHandler(); const criticalErrorHandler = new CriticalErrorHandler();
const assetsDir = path.resolve(app.getAppPath(), 'assets'); const assetsDir = path.resolve(app.getAppPath(), 'assets');
@@ -53,6 +55,7 @@ const userActivityMonitor = new UserActivityMonitor();
// Keep a global reference of the window object, if you don't, the window will // Keep a global reference of the window object, if you don't, the window will
// be closed automatically when the JavaScript object is garbage collected. // be closed automatically when the JavaScript object is garbage collected.
let mainWindow = null; let mainWindow = null;
let popupWindow = null;
let hideOnStartup = null; let hideOnStartup = null;
let certificateStore = null; let certificateStore = null;
let spellChecker = null; let spellChecker = null;
@@ -383,13 +386,14 @@ function handleAppWebContentsCreated(dc, contents) {
const contentID = event.sender.id; const contentID = event.sender.id;
const parsedURL = parseURL(url); const parsedURL = parseURL(url);
if (isTrustedURL(parsedURL)) { if (isTrustedURL(parsedURL) || isTrustedPopupWindow(event.sender)) {
return; return;
} }
if (customLogins[contentID].inProgress) { if (customLogins[contentID].inProgress) {
return; return;
} }
log.info(`Untrusted URL blocked: ${url}`);
event.preventDefault(); event.preventDefault();
}); });
@@ -414,10 +418,32 @@ function handleAppWebContentsCreated(dc, contents) {
}); });
contents.on('new-window', (event, url) => { contents.on('new-window', (event, url) => {
if (isTrustedURL(url)) { event.preventDefault();
if (!isTrustedURL(url)) {
log.info(`Untrusted popup window blocked: ${url}`);
return; return;
} }
event.preventDefault(); if (popupWindow && popupWindow.getURL() === url) {
log.info(`Popup window already open at provided url: ${url}`);
return;
}
if (!popupWindow) {
popupWindow = new BrowserWindow({
parent: mainWindow,
show: false,
webPreferences: {
nodeIntegration: false,
contextIsolation: true,
},
});
popupWindow.once('ready-to-show', () => {
popupWindow.show();
});
popupWindow.once('closed', () => {
popupWindow = null;
});
}
popupWindow.loadURL(url);
}); });
} }
@@ -773,6 +799,16 @@ function isTrustedURL(url) {
return false; return false;
} }
function isTrustedPopupWindow(webContents) {
if (!webContents) {
return false;
}
if (!popupWindow) {
return false;
}
return BrowserWindow.fromWebContents(webContents) === popupWindow;
}
function isCustomLoginURL(url) { function isCustomLoginURL(url) {
const parsedURL = parseURL(url); const parsedURL = parseURL(url);
if (!parsedURL) { if (!parsedURL) {