[SecurityUtils] Remove sseoAllowlist option, have rewrite only

2 years ago · 4280c4ca70
parent b01660d49f
commit 4280c4ca70
2 changed files with 1 additions and 13 deletions
--- a/README.md
+++ b/README.md
@ -26,7 +26,6 @@ You can configure OpenAsar via `settings.json` (found in your Discord app data /
 - `autoupdate` (bool, default true) - whether to autoupdate OpenAsar after Discord startup
 - `updatePrompt` (bool, default false) - whether to show update prompt after updating OpenAsar
 - `splashText` (bool, default true) - whether to show bottom right version info text in splash
- `ssoeAllowlist` (bool, default true) - whether to use safer custom method of opening external urls (true) or normal Discord's method (false)

 ### Extra Discord Options
 - `multiInstance` (bool, default false) - whether to enable multi-instance
--- a/src/utils/securityUtils.js
+++ b/src/utils/securityUtils.js
@ -1,8 +1,6 @@
 const { shell } = require('electron');

-const BLOCKED_URL_PROTOCOLS = ['file:', 'javascript:', 'vbscript:', 'data:', 'about:', 'chrome:', 'ms-cxh:', 'ms-cxh-full:', 'ms-word:']; // From Discord
 const allowedProtocols = [ 'https:', 'http:' ];
-
 exports.saferShellOpenExternal = (url) => {
  let parsed;

@ -10,16 +8,7 @@ exports.saferShellOpenExternal = (url) => {
    parsed = new URL(url);
  } catch (_e) { return Promise.reject(); }

-  const protocol = parsed.protocol?.toLowerCase();
-
-  let disallowed = false;
-  if (oaConfig.ssoeAllowlist === false) { // Allow config option to use traditional Discord check for compatibility
-    if (!protocol || BLOCKED_URL_PROTOCOLS.includes(protocol)) disallowed = true;
-  } else {
-    if (!allowedProtocols.includes(protocol)) disallowed = true;
-  }
-
-  if (disallowed) return Promise.reject();
+  if (!allowedProtocols.includes(parsed.protocol?.toLowerCase())) return Promise.reject(); // Only allow some protocols

  return shell.openExternal(url);
 };