mirror of
				https://github.com/zulip/zulip-desktop.git
				synced 2025-10-31 03:53:34 +00:00 
			
		
		
		
	This stops a remote code execution via drag and drop event in the main/renderer process. Fixes #453.
		
			
				
	
	
		
		
	
	
	
	
	
| 'use strict';
 | |
| 
 | |
/**
 * Security fix (issue #453): cancel the browser's default handling of
 * drag-and-drop on this document.
 *
 * Without this, content dropped onto the window is handled by the default
 * action, which is what the original fix describes as the route to remote
 * code execution inside the app.
 *
 * Both events are cancelled on purpose: the default action of `dragover`
 * has to be prevented as well, otherwise the `drop` listener is not the one
 * that decides what happens to the dropped content.
 *
 * Scope: the listeners are attached to `document`, so only the document that
 * loads this script is covered. Any other window or embedded view needs its
 * own guard.
 * NOTE(review): the original comment says the compose box is unaffected and
 * users can still drag and drop files there. Presumably it lives in a
 * separate document; confirm against the caller.
 * NOTE(review): a navigation guard in the main process (e.g. handling
 * `will-navigate`) would be a useful second layer. This file does not show
 * whether one exists.
 *
 * @returns {void}
 */
const preventDragAndDrop = () => {
	// One handler per call, shared by both event types; it only cancels the default action.
	const cancelDefault = event => {
		event.preventDefault();
	};

	for (const eventName of ['dragover', 'drop']) {
		document.addEventListener(eventName, cancelDefault);
	}
};
 | |
| 
 | |
// Install the drag-and-drop guards as soon as this script is evaluated,
// so the document is covered without any further call from the app.
preventDragAndDrop();
 |