Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change CREATE_NEW_WINDOW IPC call to accept a path and query #6595

Open
wants to merge 1 commit into
base: development
Choose a base branch
from
Open

Change CREATE_NEW_WINDOW IPC call to accept a path and query #6595

wants to merge 1 commit into from
+37 −23

Conversation

absidue
Copy link
Member

@absidue absidue commented Jan 16, 2025
edited
Loading

Change CREATE_NEW_WINDOW IPC call to accept a path and query

Pull Request Type

  • Security improvement

Description

Currently the CREATE_NEW_WINDOW IPC call accepts a URL and performs no validation on it, which means it can be used to open new windows with arbitrary URLs. This pull request locks it down by making it accept a path and query parameters instead, so that it can only be used to create windows with in-app URLs and adds some parameter validation.

Testing

  • Please check that the new window button in the top bar still works (calls CREATE_NEW_WINDOW with no parameters)
  • Please test opening various queries in new windows from the search bar (SHIFT+ENTER or SHIFT+click on the search button)

Desktop

  • OS: Windows
  • OS Version: 10
  • FreeTube version: 7ad5873

@github-actions github-actions bot added the PR: waiting for review For PRs that are complete, tested, and ready for review label Jan 16, 2025
@FreeTubeBot FreeTubeBot enabled auto-merge (squash) January 16, 2025 18:51
PikachuEXE
PikachuEXE requested changes Jan 18, 2025
View reviewed changes
src/main/index.js
Comment on lines +1020 to +1021
(typeof query !== 'object' && query != null) ||
(typeof searchQueryText !== 'string' && searchQueryText != null)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think to make this easier to read it should be reversed
If query/searchQueryText is not null/undefined and not a value of expected type

Suggested change
(typeof query !== 'object' && query != null) ||
(typeof searchQueryText !== 'string' && searchQueryText != null)
(query != null && typeof query !== 'object') ||
(searchQueryText != null && typeof searchQueryText !== 'string')

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@PikachuEXE PikachuEXE PikachuEXE requested changes

@efb4f5ff-1298-471a-8973-3d47447115dc efb4f5ff-1298-471a-8973-3d47447115dc Awaiting requested review from efb4f5ff-1298-471a-8973-3d47447115dc

@ChunkyProgrammer ChunkyProgrammer Awaiting requested review from ChunkyProgrammer

@kommunarr kommunarr Awaiting requested review from kommunarr

@MarmadileManteater MarmadileManteater Awaiting requested review from MarmadileManteater

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
PR: waiting for review For PRs that are complete, tested, and ready for review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@absidue @PikachuEXE