Skip to content

Instantly share code, notes, and snippets.

@matt-
Last active Aug 23, 2018
Embed
What would you like to do?
CVE-2018-15685
mainWindow.webContents.on('new-window', e => e.preventDefault())
const enforceInheritance = (topWebContents) => {
const handle = (webContents) => {
webContents.on('new-window', (event, url, frameName, disposition, options) => {
if (!options.webPreferences) {
options.webPreferences = {}
}
Object.assign(options.webPreferences, topWebContents.getLastWebPreferences())
if (options.webContents) {
handle(options.webContents)
}
})
}
handle(topWebContents)
}
enforceInheritance(mainWindow.webContents)
open('about:blank').open('data:text/html,<script>document.write(process.cwd())</script>')
win.webPreferences = {
allowRunningInsecureContent: false,
contextIsolation: true,
nodeIntegration: false,
nativeWindowOpen: true
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment