Implement a strict whitelist of resources. Whitelist GitHub repositories and domains strictly instead of using an open-ended regular expression.
Fether uses blacklist patterns when determining whether a window should be allowed to open. A blacklist could be abused by an attacker in certain circumstances, allowing malicious endpoints that adhere to the blacklist patterns to be opened, as see
https://github.com/paritytech/fether/blob/master/packages/fether-electron/src/main/app/utils/isTrustedUrlPattern.js#L43-L60
https://github.com/paritytech/fether/blob/master/packages/fether-electron/src/main/index.js#L165
https://github.com/paritytech/fether/blob/master/packages/fether-electron/src/main/app/utils/isTrustedUrlPattern.js#L56-L67