mirror of
https://github.com/zulip/zulip-desktop.git
synced 2025-10-27 18:13:45 +00:00
Compare commits
5 Commits
windows-re
...
security-f
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
88058bdbc4 | ||
|
|
ea6665cd10 | ||
|
|
9dde6fb6e4 | ||
|
|
b4278ce860 | ||
|
|
a1e8d37da5 |
@@ -1,45 +1,50 @@
|
|||||||
<!DOCTYPE html>
|
<!DOCTYPE html>
|
||||||
<html lang="en">
|
<html lang="en">
|
||||||
<head>
|
|
||||||
<meta charset="UTF-8">
|
<head>
|
||||||
<link rel="stylesheet" href="css/about.css">
|
<meta charset="UTF-8">
|
||||||
</head>
|
<link rel="stylesheet" href="css/about.css">
|
||||||
<body>
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
<div class="about">
|
<div class="about">
|
||||||
<img class="logo" src="../resources/zulip.png" />
|
<img class="logo" src="../resources/zulip.png" />
|
||||||
<p class="detail" id="version">v?.?.?</p>
|
<p class="detail" id="version">v?.?.?</p>
|
||||||
<div class="maintenance-info">
|
<div class="maintenance-info">
|
||||||
<p class="detail maintainer">
|
<p class="detail maintainer">
|
||||||
Maintained by <a onclick="linkInBrowser('website')">Zulip</a>
|
Maintained by
|
||||||
|
<a onclick="linkInBrowser('website')">Zulip</a>
|
||||||
</p>
|
</p>
|
||||||
<p class="detail license">
|
<p class="detail license">
|
||||||
Available under the <a onclick="linkInBrowser('license')">Apache 2.0 License</a>
|
Available under the
|
||||||
|
<a onclick="linkInBrowser('license')">Apache 2.0 License</a>
|
||||||
</p>
|
</p>
|
||||||
<a class="bug" onclick="linkInBrowser('bug')" href="#">Found bug?</a>
|
<a class="bug" onclick="linkInBrowser('bug')" href="#">Found bug?</a>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<script>
|
<script>
|
||||||
|
|
||||||
const { app } = require('electron').remote;
|
const { app } = require('electron').remote;
|
||||||
const { shell } = require('electron');
|
const { shell } = require('electron');
|
||||||
const version_tag = document.querySelector('#version');
|
const version_tag = document.querySelector('#version');
|
||||||
version_tag.innerHTML = 'v' + app.getVersion();
|
version_tag.innerHTML = 'v' + app.getVersion();
|
||||||
|
|
||||||
function linkInBrowser(type) {
|
function linkInBrowser(type) {
|
||||||
let url;
|
let url;
|
||||||
switch (type) {
|
switch (type) {
|
||||||
case 'website':
|
case 'website':
|
||||||
url = "https://zulipchat.com";
|
url = "https://zulipchat.com";
|
||||||
break;
|
break;
|
||||||
case 'license':
|
case 'license':
|
||||||
url = "https://github.com/zulip/zulip-electron/blob/master/LICENSE";
|
url = "https://github.com/zulip/zulip-electron/blob/master/LICENSE";
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
url = 'https://github.com/zulip/zulip-electron/issues/new?body=' +
|
url = 'https://github.com/zulip/zulip-electron/issues/new?body=' +
|
||||||
'%3C!--Please%20describe%20your%20issue%20and%20steps%20to%20reproduce%20it.--%3E';
|
'%3C!--Please%20describe%20your%20issue%20and%20steps%20to%20reproduce%20it.--%3E';
|
||||||
|
}
|
||||||
|
shell.openExternal(url);
|
||||||
}
|
}
|
||||||
shell.openExternal(url);
|
|
||||||
}
|
|
||||||
</script>
|
</script>
|
||||||
</body>
|
<script>require('./js/shared/preventdrag.js')</script>
|
||||||
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|||||||
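Review bot: In the inline script of this page, `version_tag.innerHTML = 'v' + app.getVersion();` sends a plain string through the HTML parser. The page calls `require('electron')`, so it appears to run with Node integration, and any markup that reached that string would be parsed in a privileged context. `version_tag.textContent = 'v' + app.getVersion();` renders the same text without parsing it. The commit only re-indents this line, but it is on the new side of the hunk and cheap to fix in the same pass.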
@@ -8,6 +8,9 @@ const ConfigUtil = require(__dirname + '/utils/config-util.js');
|
|||||||
// eslint-disable-next-line import/no-unassigned-import
|
// eslint-disable-next-line import/no-unassigned-import
|
||||||
require('./notification');
|
require('./notification');
|
||||||
|
|
||||||
|
// Prevent drag and drop event in main process which prevents remote code executaion
|
||||||
|
require(__dirname + '/shared/preventdrag.js');
|
||||||
|
|
||||||
const logout = () => {
|
const logout = () => {
|
||||||
// Create the menu for the below
|
// Create the menu for the below
|
||||||
document.querySelector('.dropdown-toggle').click();
|
document.querySelector('.dropdown-toggle').click();
|
||||||
|
|||||||
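Review bot: The comment added above `require(__dirname + '/shared/preventdrag.js');` says the handler runs "in main process", but the module lives under `app/renderer/js/shared/` and registers listeners on `document`, so it runs in a renderer. The comment also misspells "execution". Suggested wording: `// Block drag-and-drop in this renderer so dropped content cannot navigate the window.` If this file is the `js/main.js` loaded by the main page, the inline `require('./js/shared/preventdrag.js')` added to that page pulls in the same module a second time, and one of the two is probably enough.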
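--- a/app/renderer/js/shared/preventdrag.js
+++ b/app/renderer/js/shared/preventdrag.js
@@ -0,0 +1,17 @@
+'use strict';
+
+// This is a security fix. Following function prevents drag and drop event in the app
+// so that attackers can't execute any remote code within the app
+// It doesn't affect the compose box so that users can still
+// use drag and drop event to share files etc
+
+const preventDragAndDrop = () => {
+const preventEvents = ['dragover', 'drop'];
+preventEvents.forEach(dragEvents => {
+document.addEventListener(dragEvents, event => {
+event.preventDefault();
+});
+});
+};
+
+preventDragAndDrop();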
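Review bot: The guard in `preventDragAndDrop` protects only documents that load this file, which is why the commit has to add a `require` to every HTML page; a window or page added later without it is unprotected again. If the underlying risk is the window navigating to dropped content, it would be more robust to also refuse navigation once in the main process, for example `win.webContents.on('will-navigate', event => event.preventDefault());` on each BrowserWindow (the main-process code is not shown here, so where that belongs is an assumption). The header comment says the compose box is unaffected; a sentence on why (presumably it lives in a separate webview document) would help the next reader. The callback parameter `dragEvents` holds a single event name and would read better as `eventName`.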
@@ -44,4 +44,5 @@
|
|||||||
</div>
|
</div>
|
||||||
</body>
|
</body>
|
||||||
<script src="js/main.js"></script>
|
<script src="js/main.js"></script>
|
||||||
|
<script>require('./js/shared/preventdrag.js')</script>
|
||||||
</html>
|
</html>
|
||||||
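Review bot: The added `<script>require('./js/shared/preventdrag.js')</script>` is an inline script placed after `</body>`; the same applies to the hunks at `@@ -17,5 +17,6 @@` and `@@ -13,4 +13,5 @@`, and the about page uses the same inline form inside `<body>`. Inline scripts would have to go if these pages later adopt a Content-Security-Policy without `'unsafe-inline'`, and a tag after `</body>` relies on parser error recovery. Since `preventdrag.js` exports nothing, `<script src="js/shared/preventdrag.js"></script>` placed in `<head>` or before `</body>` does the same job.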
@@ -17,5 +17,6 @@
|
|||||||
<div id="reconnect">Try now</div>
|
<div id="reconnect">Try now</div>
|
||||||
</div>
|
</div>
|
||||||
</body>
|
</body>
|
||||||
<script src="js/pages/network.js"></script>
|
<script src="js/pages/network.js"></script>
|
||||||
|
<script>require('./js/shared/preventdrag.js')</script>
|
||||||
</html>
|
</html>
|
||||||
|
|||||||
@@ -13,4 +13,5 @@
|
|||||||
</div>
|
</div>
|
||||||
</body>
|
</body>
|
||||||
<script src="js/pages/preference/preference.js"></script>
|
<script src="js/pages/preference/preference.js"></script>
|
||||||
|
<script>require('./js/shared/preventdrag.js')</script>
|
||||||
</html>
|
</html>
|
||||||
|
|||||||