Closed 1-alex98 closed 1 year ago
As it is right now I am able to do RCE if I control a markdown link that a user clicks. I can use XSS to set target to open the link inside electron and not the browser, thereby redirecting the user to JS I control. Since "nodeIntegration" is turned on I gain RCE by this. I suggest to sanitize User Input and not solely rely on dompurify (update: seems like that is not possible easily). Also I would disallow navigation away from the index.html in electron as suggested by (done in PR) https://www.electronjs.org/docs/latest/tutorial/security#13-disable-or-limit-navigation
Among input sanitization https://www.electronjs.org/docs/latest/tutorial/security#13-disable-or-limit-navigation