This repository was archived by the owner on May 24, 2022. It is now read-only.

Description
The Fether application uses the remote module, but does not implement filters on the
permissions allowed by the remote module. The Electron security guidelines recommend
that the application implement a filter in the form of a callback handler in order to prevent
misuse of this feature.
The following is an example of a mitigation to help prevent the issues related to remote modules, where event.preventDefault avoids the propagation of permissions
when requested by malicious code running in the renderer process:
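```js
// proxiedModules, allowedModules, allowedElectronModules and allowedGlobals
// are allow-lists the application defines itself; they are not shown here.

// require() of a module through remote: proxy or deny unless allow-listed.
app.on('remote-require', (event, webContents, moduleName) => {
  if (proxiedModules.has(moduleName)) {
    event.returnValue = proxiedModules.get(moduleName)
  }
  if (!allowedModules.has(moduleName)) {
    event.preventDefault()
  }
})

// Electron built-in modules requested through remote.
app.on('remote-get-builtin', (event, webContents, moduleName) => {
  if (!allowedElectronModules.has(moduleName)) {
    event.preventDefault()
  }
})

// Main-process globals requested through remote.
app.on('remote-get-global', (event, webContents, globalName) => {
  if (!allowedGlobals.has(globalName)) {
    event.preventDefault()
  }
})

// The remaining remote accessors are denied unconditionally.
app.on('remote-get-current-window', (event, webContents) => {
  event.preventDefault()
})

app.on('remote-get-current-web-contents', (event, webContents) => {
  event.preventDefault()
})

app.on('remote-get-guest-web-contents', (event, webContents, guestWebContents) => {
  event.preventDefault()
})
```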
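To check whether a main-process file registers filters for every event listed above, a reviewer can run a simple source audit. This is an added example, not code from Fether or Electron; `auditRemoteFilters`, `stripComments` and the sample source are hypothetical, and the regex matching is a heuristic rather than a parser.

```javascript
// Added example: heuristic source audit, not Fether or Electron code.
const REMOTE_EVENTS = [
  'remote-require',
  'remote-get-builtin',
  'remote-get-global',
  'remote-get-current-window',
  'remote-get-current-web-contents',
  'remote-get-guest-web-contents'
]

// Drop comments so a commented-out handler is not counted as present.
function stripComments (source) {
  return source
    .replace(/\/\*[\s\S]*?\*\//g, '')
    .replace(/(^|[^:'"])\/\/.*$/gm, '$1')
}

// Report remote-* events with no app.on handler, and handlers whose text
// (up to the next .on( registration) never calls preventDefault().
function auditRemoteFilters (source) {
  const code = stripComments(source)
  const report = { missing: [], neverBlocks: [] }
  for (const name of REMOTE_EVENTS) {
    const m = new RegExp(`\\.on\\(\\s*['"]${name}['"]`).exec(code)
    if (!m) { report.missing.push(name); continue }
    const rest = code.slice(m.index + m[0].length)
    const next = rest.search(/\.on\(\s*['"]/)
    const body = next === -1 ? rest : rest.slice(0, next)
    if (!/\.preventDefault\s*\(/.test(body)) report.neverBlocks.push(name)
  }
  report.ok = report.missing.length === 0 && report.neverBlocks.length === 0
  return report
}

// Constructed sample main-process source (not taken from Fether).
const SAMPLE_MAIN = `
const { app } = require('electron')
const allowedModules = new Set(['crypto'])
app.on('remote-require', (event, webContents, moduleName) => {
  if (!allowedModules.has(moduleName)) event.preventDefault()
})
app.on('remote-get-builtin', (event, webContents, moduleName) => {
  console.log('builtin requested', moduleName)
})
// app.on('remote-get-global', (event) => { event.preventDefault() })
`

console.log(auditRemoteFilters(SAMPLE_MAIN))
```

A handler that is listed under `neverBlocks` observes the request but never denies it, which leaves the permission as open as having no handler at all.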