LIMIT_NAVIGATION_JS_CHECK
Anthony Trummer edited this page Jan 6, 2022 · 3 revisions
Creation of a new window or navigation to a specific origin can be inspected and validated using callbacks for the `new-window` and `will-navigate` events.
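Electron applications can limit navigation flows by implementing code similar to the following snippet:

```js
win.webContents.on('will-navigate', (event, newURL) => {
  // Validate the destination (newURL), not the page currently loaded,
  // and compare the parsed origin rather than the raw string.
  if (new URL(newURL).origin !== 'https://doyensec.com') {
    event.preventDefault();
  }
});
```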
This setting can be used to limit the exploitability of certain issues. Not enforcing navigation limits can result in the Electron application being under the full control of remote origins in case of accidental navigation.
Check every callback of the `will-navigate` and `new-window` events. These callbacks should be reviewed thoroughly to exclude potential flaws in the origin's validation mechanism.
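As an added example (not code from this wiki or from Electron), the sketch below contrasts a string-prefix origin check, the kind of flaw a callback review should catch, with an exact comparison of the parsed origin, and wires the stricter check to both events. The names `ALLOWED_ORIGINS`, `weakCheck`, `isAllowedUrl`, `installNavigationGuards` and `compareValidators` are hypothetical, and the sample URLs are constructed.

```javascript
// Hypothetical allowlist of exact origins (scheme + host + port).
const ALLOWED_ORIGINS = new Set(['https://doyensec.com']);

// Flawed validator of the kind a review should flag: a raw string prefix
// test also accepts look-alike hosts and URLs that carry userinfo.
function weakCheck(url) {
  return url.startsWith('https://doyensec.com');
}

// Stricter validator: parse first, then compare the whole origin exactly.
function isAllowedUrl(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return false; // unparsable input is rejected rather than allowed
  }
  return ALLOWED_ORIGINS.has(parsed.origin);
}

// Attach the same destination check to both events named on this page.
// `win` is assumed to be a BrowserWindow-like object exposing webContents.on().
function installNavigationGuards(win) {
  const guard = (event, url) => {
    if (!isAllowedUrl(url)) event.preventDefault();
  };
  win.webContents.on('will-navigate', guard);
  win.webContents.on('new-window', guard);
}

// Constructed sample destinations for comparing the two validators.
const SAMPLES = [
  'https://doyensec.com/blog',
  'https://doyensec.com.other.example/',
  'https://doyensec.com@other.example/',
  'http://doyensec.com/',
  'file:///etc/hosts',
];

function compareValidators() {
  return SAMPLES.map((url) => ({
    url,
    weak: weakCheck(url),
    strict: isAllowedUrl(url),
  }));
}
```

Only the first sample passes the strict check; the second and third pass the prefix check even though their origin is not `https://doyensec.com`.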