From 37a9a6d68b41f2739ba8a45c95cf844b627e7004 Mon Sep 17 00:00:00 2001
From: bhaumikmaan <bhaumikmaan@gmail.com>
Date: Thu, 10 Apr 2025 10:27:18 +0530
Subject: [PATCH] Fix URL check

---
 electron/main.ts | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/electron/main.ts b/electron/main.ts
index 2378c37..0eae187 100644
--- a/electron/main.ts
+++ b/electron/main.ts
@@ -293,11 +293,19 @@ async function createWindow(): Promise<void> {
   }
   state.mainWindow.webContents.setWindowOpenHandler(({ url }) => {
     console.log("Attempting to open URL:", url)
-    if (url.includes("google.com") || url.includes("supabase.co")) {
-      shell.openExternal(url)
-      return { action: "deny" }
+    try {
+      const parsedURL = new URL(url);
+      const hostname = parsedURL.hostname;
+      const allowedHosts = ["google.com", "supabase.co"];
+      if (allowedHosts.includes(hostname) || hostname.endsWith(".google.com") || hostname.endsWith(".supabase.co")) {
+        shell.openExternal(url);
+        return { action: "deny" }; // Do not open this URL in a new Electron window
+      }
+    } catch (error) {
+      console.error("Invalid URL %d in setWindowOpenHandler: %d" , url , error);
+      return { action: "deny" }; // Deny access as URL string is malformed or invalid
     }
-    return { action: "allow" }
+    return { action: "allow" };
   })
 
   // Enhanced screen capture resistance