From aa40a44ce356a5ae6053da742c692fd0ebb1f243 Mon Sep 17 00:00:00 2001
From: Franco Montenegro
Date: Wed, 16 Feb 2022 19:28:21 -0300
Subject: [PATCH] Only allow to window.open http and https protocols.
---
 electron/createWindow.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/electron/createWindow.js b/electron/createWindow.js
index bddb0e24d..2d24199e1 100644
--- a/electron/createWindow.js
+++ b/electron/createWindow.js
@@ -191,8 +191,11 @@ export default appState => {
 });
 window.webContents.setWindowOpenHandler((details) => {
- // Open the link in a browser tab.
- shell.openExternal(details.url);
+ // Only open http and https links to prevent
+ // security issues.
+ if (['https:', 'http:'].includes(new URL(details.url).protocol)) {
+ shell.openExternal(details.url);
+ }
 return { action: 'deny' };
 });
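Review bot: `new URL(details.url)` in the added guard throws a TypeError when the renderer supplies a string that does not parse as a URL, so the handler would leave by exception instead of reaching `return { action: 'deny' }`; how Electron treats a throwing handler is not visible in this hunk, so the deny should not depend on it. Parse inside a try/catch and deny on failure, and pass the parsed `href` to `shell.openExternal` so the string that was checked is the string that gets opened. The new comment would be more useful if it named the risk, namely that `shell.openExternal` hands the URL to the operating system's protocol handler, so schemes other than http/https can start local applications. The enclosing `export default appState => {` function starts and ends outside the hunk.

```javascript
window.webContents.setWindowOpenHandler((details) => {
  // shell.openExternal hands the URL to the OS protocol handler, so only
  // plain web links are forwarded; anything else is dropped.
  let target;
  try {
    target = new URL(details.url);
  } catch {
    // Unparsable input: never forward it, and never open an in-app window.
    return { action: 'deny' };
  }
  if (target.protocol === 'https:' || target.protocol === 'http:') {
    // Open the normalized form that was validated, not the raw string.
    shell.openExternal(target.href);
  }
  return { action: 'deny' };
```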