CringeStudios/element-desktop
5
0
Fork 0
mirror of https://github.com/CringeStudios/element-desktop.git synced 2025-01-18 23:44:59 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Enable context isolation, bridge expected IPC

Browse Source 
This enables Electron's context isolation mode as recommended in their guidance.
We use the context bridge feature to regain access to only the IPC channels we
expect to have access to.
This commit is contained in:
J. Ryan Stinnett 2021-01-13 15:21:00 +00:00
parent 19515b614f
commit 5ad0967b07
2 changed files with 43 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/electron-main.js
View File

@ -1,9 +1,8 @@
/* /*
Copyright 2016 Aviral Dasgupta Copyright 2016 Aviral Dasgupta
Copyright 2016 OpenMarket Ltd Copyright 2016 OpenMarket Ltd
Copyright 2018, 2019 New Vector Ltd
Copyright 2017, 2019 Michael Telatynski <7t3chguy@gmail.com> Copyright 2017, 2019 Michael Telatynski <7t3chguy@gmail.com>
Copyright 2020 The Matrix.org Foundation C.I.C. Copyright 2018 - 2021 New Vector Ltd
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
@ -922,11 +921,7 @@ app.on('ready', async () => {
nodeIntegration: false, nodeIntegration: false,
//sandbox: true, // We enable sandboxing from app.enableSandbox() above //sandbox: true, // We enable sandboxing from app.enableSandbox() above
enableRemoteModule: false, enableRemoteModule: false,
// We don't use this: it's useful for the preload script to contextIsolation: true,
// share a context with the main page so we can give select
// objects to the main page. The sandbox option isolates the
// main page from the background script.
contextIsolation: false,
webgl: false, webgl: false,
spellcheck: true, spellcheck: true,
}, },

45
src/preload.js
View File

@ -1,5 +1,5 @@
/* /*
Copyright 2018, 2019 New Vector Ltd Copyright 2018, 2019, 2021 New Vector Ltd
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
@ -14,7 +14,44 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/ */
const { ipcRenderer } = require('electron'); const { contextBridge, ipcRenderer } = require("electron");
// expose ipcRenderer to the renderer process // Expose only expected IPC wrapper APIs to the renderer process to avoid
window.ipcRenderer = ipcRenderer; // handing out generalised messaging access.
const CHANNELS = [
"app_onAction",
"before-quit",
"check_updates",
"install_update",
"ipcCall",
"ipcReply",
"loudNotification",
"preferences",
"seshat",
"seshatReply",
"setBadgeCount",
"update-downloaded",
"userDownloadCompleted",
"userDownloadOpen",
];
contextBridge.exposeInMainWorld(
"electron",
{
on(channel, listener) {
if (!CHANNELS.includes(channel)) {
console.error(`Unknown IPC channel ${channel} ignored`);
return;
}
ipcRenderer.on(channel, listener);
},
send(channel, ...args) {
if (!CHANNELS.includes(channel)) {
console.error(`Unknown IPC channel ${channel} ignored`);
return;
}
ipcRenderer.send(channel, ...args);
},
},
);