Enable context isolation, bridge expected IPC

This enables Electron's context isolation mode as recommended in their guidance. We use the context bridge feature to regain access to only the IPC channels we expect to have access to.
2024-10-03 17:42:41 +00:00 · 2021-01-13 15:21:00 +00:00 · 2021-01-13 15:21:00 +00:00 · 5ad0967b07
commit 5ad0967b07
parent 19515b614f
2 changed files with 43 additions and 11 deletions
--- a/src/electron-main.js
+++ b/src/electron-main.js
@ -1,9 +1,8 @@
 /*
 Copyright 2016 Aviral Dasgupta
 Copyright 2016 OpenMarket Ltd
-Copyright 2018, 2019 New Vector Ltd
 Copyright 2017, 2019 Michael Telatynski <7t3chguy@gmail.com>
-Copyright 2020 The Matrix.org Foundation C.I.C.
+Copyright 2018 - 2021 New Vector Ltd

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@ -922,11 +921,7 @@ app.on('ready', async () => {
            nodeIntegration: false,
            //sandbox: true, // We enable sandboxing from app.enableSandbox() above
            enableRemoteModule: false,
-            // We don't use this: it's useful for the preload script to
-            // share a context with the main page so we can give select
-            // objects to the main page. The sandbox option isolates the
-            // main page from the background script.
-            contextIsolation: false,
+            contextIsolation: true,
            webgl: false,
            spellcheck: true,
        },
--- a/src/preload.js
+++ b/src/preload.js
@ -1,5 +1,5 @@
 /*
-Copyright 2018, 2019 New Vector Ltd
+Copyright 2018, 2019, 2021 New Vector Ltd

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@ -14,7 +14,44 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */

-const { ipcRenderer } = require('electron');
+const { contextBridge, ipcRenderer } = require("electron");

-// expose ipcRenderer to the renderer process
-window.ipcRenderer = ipcRenderer;
+// Expose only expected IPC wrapper APIs to the renderer process to avoid
+// handing out generalised messaging access.
+
+const CHANNELS = [
+    "app_onAction",
+    "before-quit",
+    "check_updates",
+    "install_update",
+    "ipcCall",
+    "ipcReply",
+    "loudNotification",
+    "preferences",
+    "seshat",
+    "seshatReply",
+    "setBadgeCount",
+    "update-downloaded",
+    "userDownloadCompleted",
+    "userDownloadOpen",
+];
+
+contextBridge.exposeInMainWorld(
+    "electron",
+    {
+        on(channel, listener) {
+            if (!CHANNELS.includes(channel)) {
+                console.error(`Unknown IPC channel ${channel} ignored`);
+                return;
+            }
+            ipcRenderer.on(channel, listener);
+        },
+        send(channel, ...args) {
+            if (!CHANNELS.includes(channel)) {
+                console.error(`Unknown IPC channel ${channel} ignored`);
+                return;
+            }
+            ipcRenderer.send(channel, ...args);
+        },
+    },
+);