paulmataruso/zulip-desktop
1
0
Fork 0
mirror of https://github.com/zulip/zulip-desktop.git synced 2025-11-03 21:43:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove preventdrag script.

Browse Source 
This was not a security feature; security is enforced using context
isolation and the same-origin policy.

Furthermore, navigation on drag-and-drop was already disabled by
default in Electron 3.0.

https://www.electronjs.org/blog/electron-3-0#breaking-api-changes

Signed-off-by: Anders Kaseorg <anders@zulip.com>
This commit is contained in:
Anders Kaseorg
2020-11-17 15:50:23 -08:00
parent c8ada3f47d
commit ba432d32b3
5 changed files with 0 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/renderer/about.html
View File

@@ -28,6 +28,5 @@
const version_tag = document.querySelector('#version');
version_tag.textContent = 'v' + app.getVersion();
</script>
<script>require('./js/shared/preventdrag.js')</script>
</body>
</html>

4
app/renderer/js/preload.ts
View File

@@ -7,10 +7,6 @@ import electron_bridge from './electron-bridge';
import {loadBots} from './notification/helpers';
import * as NetworkError from './pages/network';
// Prevent drag and drop event in main process which prevents remote code executaion
// eslint-disable-next-line import/no-unassigned-import
import './shared/preventdrag';
contextBridge.exposeInMainWorld('raw_electron_bridge', electron_bridge);
electron_bridge.once('zulip-loaded', async () => {

17
app/renderer/js/shared/preventdrag.ts
View File

@@ -1,17 +0,0 @@
// This is a security fix. Following function prevents drag and drop event in the app
// so that attackers can't execute any remote code within the app
// It doesn't affect the compose box so that users can still
// use drag and drop event to share files etc
const preventDragAndDrop = (): void => {
const preventEvents = ['dragover', 'drop'];
preventEvents.forEach(dragEvents => {
document.addEventListener(dragEvents, event => {
event.preventDefault();
});
});
};
preventDragAndDrop();
export {};

1
app/renderer/main.html
View File

@@ -61,5 +61,4 @@
// it messes up require module path resolution
require('./js/main');
</script>
<script>require('./js/shared/preventdrag.js')</script>
</html>

1
app/renderer/preference.html
View File

@@ -16,6 +16,5 @@
<script>
document.querySelector('#tagify-css').href = require.resolve('@yaireo/tagify/dist/tagify.css');
require('./js/pages/preference/preference.js');
require('./js/shared/preventdrag.js')
</script>
</html>