Skip to content

Protocol Path Sanitisation #149

Description

@jmannau

In regards to securely handling custom protocols, the electron docs suggest preventing relative path traversal (https://www.electronjs.org/docs/latest/api/protocol#protocolhandlescheme-handler)

// NB, this checks for paths that escape the bundle, e.g.
// app://bundle/../../secret_file.txt
const pathToServe = path.resolve(__dirname, pathname)
const relativePath = path.relative(__dirname, pathToServe)
const isSafe = relativePath && !relativePath.startsWith('..') && !path.isAbsolute(relativePath)
if (!isSafe) {
  return new Response('bad', {
    status: 400,
    headers: { 'content-type': 'text/html' }
  })
}

return net.fetch(pathToFileURL(pathToServe).toString())

How does this compare to the current protocol handler https://github.com/reZach/secure-electron-template/blob/master/app/electron/protocol.js

Is there benefit to one over? I am happy to make a PR to add comments explaining the benefits or to consolidate on the the preferred option.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions