Fix electron window.open vulnerability (#3457)

* Fix electron window.open vulnerability * Comment to remove fix when merged into Hyper3
2026-01-12 20:18:41 -09:00 · 2019-02-05 05:39:36 +01:00 · 2019-02-05 05:39:36 +01:00 · 17fcae570b
commit 17fcae570b
parent 1a82866fec
1 changed files with 4 additions and 0 deletions
--- a/app/ui/window.js
+++ b/app/ui/window.js
@ -226,6 +226,10 @@ module.exports = class Window {
      }
    });

+    // mitigate a security issue: https://electronjs.org/blog/window-open-fix
+    // TODO: remove when merged into Hyper 3 (already has the fix via electron)
+    window.webContents.on('-add-new-contents', e => e.preventDefault());
+
    // expose internals to extension authors
    window.rpc = rpc;
    window.sessions = sessions;