From 00113d152705735c9fc12a53e9d76f99511ab458 Mon Sep 17 00:00:00 2001
From: Sindre Sorhus
Date: Wed, 25 May 2016 13:58:27 +0700
Subject: [PATCH] fix security issue (#68)
fixes #67
---
 browser.js | 17 +++--------------
 index.js | 5 +----
 package.json | 2 +-
 vendor/scroll-to-tweet.js | 4 ++++
 4 files changed, 9 insertions(+), 19 deletions(-)
diff --git a/browser.js b/browser.js
index 03e09d4..6eef916 100644
--- a/browser.js
+++ b/browser.js
@@ -1,12 +1,12 @@
 'use strict';
-/* globals Mousetrap scrollToTweet */
-const path = require('path');
 const electron = require('electron');
+const Mousetrap = require('./vendor/mousetrap.js');
+require('./vendor/mousetrap-global-bind.js');
+const scrollToTweet = require('./vendor/scroll-to-tweet.js');
 const ipc = electron.ipcRenderer;
 const remote = electron.remote;
 const storage = remote.require('./storage');
 const $ = document.querySelector.bind(document);
-// const $$ = document.querySelectorAll.bind(document);
 function changeTab(next) {
 const pages = [
@@ -218,17 +218,6 @@ function zoomInit() {
 }
 document.addEventListener('DOMContentLoaded', () => {
- // load vendor scripts
- [
- path.resolve('vendor/mousetrap.js'),
- path.resolve('vendor/mousetrap-global-bind.js'),
- path.resolve('vendor/scroll-to-tweet.js')
- ].forEach(src => {
- const script = document.createElement('script');
- script.textContent = `require('${src}')`;
- document.head.appendChild(script);
- });
-
 zoomInit();
 // enable OS specific styles
diff --git a/index.js b/index.js
index b08b6de..ff21929 100644
--- a/index.js
+++ b/index.js
@@ -50,10 +50,7 @@ function createMainWindow() {
 backgroundColor: isDarkMode ? '#192633' : '#fff',
 webPreferences: {
 preload: path.join(__dirname, 'browser.js'),
- // removed until preloads accepts more than a single file
- // ref: https://github.com/electron/electron/issues/5400
- // nodeIntegration: false,
- webSecurity: false,
+ nodeIntegration: false,
 plugins: true
 }
 });
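Review bot: The three `require('./vendor/…')` calls added at the top of browser.js carry no comment on why they live in the preload, and the bare `require('./vendor/mousetrap-global-bind.js');` binds nothing, so it reads as dead code. Because index.js now sets `nodeIntegration: false`, this preload is the only script in the window that can call `require`, and everything it loads runs with Node access; I would state that above the block, e.g. `// preload is the only Node-enabled script in this window; vendor code loaded here runs with full Node access`, and mark the second line `// side effect only: presumably extends Mousetrap, so it must load after it`. The ordering dependency is inferred from the file name and is not visible in the hunk. The hunk covers only the first lines of browser.js; `changeTab` continues outside it.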
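Review bot: In the `webPreferences` block of `createMainWindow`, `plugins: true` is kept while `nodeIntegration` is turned off and `webSecurity: false` is dropped, and nothing in the hunk says whether plugin support is still needed. If it is not, removing it would shrink what page content can reach; if it is, a comment such as `// plugins required for <feature>` would record why. The deleted comment was also the only explanation next to this setting, so I would replace it with `// page scripts get no Node access; browser.js (preload) is the only code here that can require()`. On Electron versions that support `contextIsolation`, enabling it would additionally separate the preload's globals from page script, though the version range pinned by this commit may not offer it. `createMainWindow` starts and ends outside the hunk.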
diff --git a/package.json b/package.json
index 01cb916..fb02ea2 100644
--- a/package.json
+++ b/package.json
@@ -24,7 +24,7 @@
 },
 "devDependencies": {
 "electron-packager": "^7.0.0",
- "electron-prebuilt": "^1.1.1",
+ "electron-prebuilt": "^1.1.2",
 "xo": "*"
 },
 "xo": {
diff --git a/vendor/scroll-to-tweet.js b/vendor/scroll-to-tweet.js
index 11c2aad..59cc425 100644
--- a/vendor/scroll-to-tweet.js
+++ b/vendor/scroll-to-tweet.js
@@ -54,4 +54,8 @@ Updates should happen there first.
 window.scrollTo(0, scrollTarget);
 };
+
+ if (typeof module !== 'undefined' && module.exports) {
+ module.exports = window.scrollToTweet;
+ }
 })();