Skip to content
This repository has been archived by the owner on Feb 26, 2020. It is now read-only.

Commit

Permalink
[stable] Remove preload.js path verification (#140)
Browse files Browse the repository at this point in the history
* Remove preload.js path verification

* Bump v0.1.4
  • Loading branch information
amaury1093 authored Jun 11, 2018
1 parent b002de1 commit d199ccf
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 10 deletions.
2 changes: 1 addition & 1 deletion package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "parity-ui",
"version": "0.1.3",
"version": "0.1.4",
"description": "The Electron app for Parity UI",
"main": ".build/electron.js",
"jsnext:main": ".build/electron.js",
Expand Down
11 changes: 3 additions & 8 deletions src/index.electron.js
Original file line number Diff line number Diff line change
Expand Up @@ -112,14 +112,9 @@ function createWindow () {
mainWindow.webContents.on('will-attach-webview', (event, webPreferences, params) => {
// Strip away inline preload scripts, ours is at preloadURL
delete webPreferences.preload;
// Verify the location of our prelaod script is legitimate (unless uiDev has been passed)
if (webPreferences.preloadURL !== encodeURI(url.format({
pathname: path.join(__dirname, 'preload.js'),
protocol: 'file:',
slashes: true
}))) {
throw new Error(`Unknown preload.js is being injected, quitting for security reasons. ${webPreferences.preloadURL}`);
}

// TODO Verify that the location of webPreferences.preloadURL is:
// `file://path/to/app.asar/.build/preload.js`

// Disable Node.js integration
webPreferences.nodeIntegration = false;
Expand Down

0 comments on commit d199ccf

Please sign in to comment.