From b9d4d5e4acc9f7313bc3374ce451c9d24be202ce Mon Sep 17 00:00:00 2001
From: kolaente
Date: Fri, 20 Mar 2026 10:06:36 +0100
Subject: [PATCH] fix(desktop): validate URL schemes before shell.openExternal
---
 desktop/main.js | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/desktop/main.js b/desktop/main.js
index 01fb9eb56..472653ab5 100644
--- a/desktop/main.js
+++ b/desktop/main.js
@@ -20,10 +20,24 @@ function createWindow() {
 }
 })
- // Open external links in the browser
+ // Open external links in the browser, but only allow protocols
+ // that the TipTap editor also allows (see frontend/src/components/input/editor/TipTap.vue).
+ // TipTap allows: http, https (built-in) + ftp, git, obsidian, notion, message
+ // We also allow mailto since it's a standard safe protocol for email links.
 mainWindow.webContents.setWindowOpenHandler(({ url }) => {
- shell.openExternal(url);
- return { action: 'deny' };
+ try {
+ const parsedUrl = new URL(url);
+ const allowedProtocols = [
+ 'http:', 'https:', 'mailto:',
+ 'ftp:', 'git:', 'obsidian:', 'notion:', 'message:',
+ ];
+ if (allowedProtocols.includes(parsedUrl.protocol)) {
+ shell.openExternal(url);
+ }
+ } catch {
+ // Invalid URL, ignore silently
+ }
+ return { action: 'deny' };
 });
 // Hide the toolbar
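Review bot: The `shell.openExternal(url)` call inside the allowlist branch returns a Promise that is left floating, so a failed handoff to the OS handler surfaces as an unhandled rejection rather than being logged; `shell.openExternal(url).catch((err) => console.warn('openExternal failed', err));` keeps the deny path intact while making the failure visible. The `allowedProtocols` array is also rebuilt on every call and duplicates the TipTap list the comment points at; hoisting it to a module-level `const ALLOWED_PROTOCOLS = Object.freeze([...])` next to the comment makes the allowlist easy to audit and keeps the two lists from drifting apart. The silent `catch {}` on malformed URLs is a reasonable deny-by-default, but a one-line debug log there would help diagnose links that unexpectedly stop opening. Note that `setWindowOpenHandler` only governs `window.open`/target=_blank; if the window also navigates in place, the same protocol check presumably belongs on a `will-navigate` handler, which is outside this hunk. The enclosing `createWindow` starts before and ends after the hunk.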