fix(desktop): validate URL schemes before shell.openExternal

2026-06-01 19:01:37 +00:00 · 2026-03-20 10:06:36 +01:00
parent 23de2197fd
commit b9d4d5e4ac
1 changed files with 17 additions and 3 deletions
--- a/desktop/main.js
+++ b/desktop/main.js
@@ -20,10 +20,24 @@ function createWindow() {
 		}
 	})

-	// Open external links in the browser
+	// Open external links in the browser, but only allow protocols
+	// that the TipTap editor also allows (see frontend/src/components/input/editor/TipTap.vue).
+	// TipTap allows: http, https (built-in) + ftp, git, obsidian, notion, message
+	// We also allow mailto since it's a standard safe protocol for email links.
 	mainWindow.webContents.setWindowOpenHandler(({ url }) => {
-  	shell.openExternal(url);
-	  return { action: 'deny' };
+		try {
+			const parsedUrl = new URL(url);
+			const allowedProtocols = [
+				'http:', 'https:', 'mailto:',
+				'ftp:', 'git:', 'obsidian:', 'notion:', 'message:',
+			];
+			if (allowedProtocols.includes(parsedUrl.protocol)) {
+				shell.openExternal(url);
+			}
+		} catch {
+			// Invalid URL, ignore silently
+		}
+		return { action: 'deny' };
 	});

 	// Hide the toolbar