Drag and drop navigates to dropped file
Closed this issue · 0 comments
Bug
Description
Dragging and dropping a file into Sunder causes the BrowserWindow to navigate to that file, with no way to go back.
This also creates a potential security issue if one were to drop a malicious HTML document, as it inherits the permissions of the window, including access to Node APIs.
Steps to Reproduce
Run Sunder.
Drag and drop any file onto the window.
Expected Behavior
Either do nothing or select the file for sundering/rendering, depending on the state of the UI.
Actual Behavior
Renders the file. If it is an HTML file which contains malicious scripts or resources, they are loaded in an unsafe context (i.e., Node integration enabled).
Comments
Define a drag and drop handler on the window. If you don't intend to navigate away from app.html, for layered protection consider also:
    mainWindow.webContents.on('will-navigate', function(e) {
      e.preventDefault();
    });
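Both layers suggested above, written out as an added example (not Sunder's code): a renderer-side drop handler that cancels the default file navigation, and a `will-navigate` guard that, going slightly beyond the snippet above, permits only the app's own page. The function names, the `onFiles` callback and the `file:///app/app.html` URL are assumptions made for illustration.

```javascript
// Added example; installDropGuard, installNavigationGuard and onFiles are
// hypothetical names, and the app.html URL below is a constructed placeholder.

// Renderer: cancel the default "open the dropped file" action and pass the
// files to the app. dragover is cancelled too so the page is a drop target.
function installDropGuard(target, onFiles) {
  target.addEventListener('dragover', (e) => e.preventDefault());
  target.addEventListener('drop', (e) => {
    e.preventDefault();
    const files = e.dataTransfer ? Array.from(e.dataTransfer.files) : [];
    if (files.length > 0) onFiles(files);
  });
}

// Main process: second layer. Refuse any navigation away from the app page,
// so a missed drop handler still cannot load a foreign document.
function installNavigationGuard(webContents, appUrl) {
  webContents.on('will-navigate', (event, url) => {
    if (url !== appUrl) event.preventDefault();
  });
}

// Exercise both guards with constructed stand-ins (no Electron required).
function demo() {
  const page = new EventTarget();
  const received = [];
  installDropGuard(page, (files) => received.push(...files));
  const drop = new Event('drop', { cancelable: true });
  drop.dataTransfer = { files: [{ name: 'constructed.html' }] };
  page.dispatchEvent(drop);

  const handlers = {};
  const webContents = { on: (name, fn) => { handlers[name] = fn; } };
  const appUrl = 'file:///app/app.html';
  installNavigationGuard(webContents, appUrl);
  const mkEvent = () => ({ blocked: false, preventDefault() { this.blocked = true; } });
  const foreign = mkEvent();
  const own = mkEvent();
  handlers['will-navigate'](foreign, 'file:///tmp/constructed.html');
  handlers['will-navigate'](own, appUrl);
  return { dropCancelled: drop.defaultPrevented, received,
           foreignBlocked: foreign.blocked, ownBlocked: own.blocked };
}
```

In the app itself, `installDropGuard(document, ...)` would run in the renderer and `installNavigationGuard(mainWindow.webContents, ...)` in the main process, with the same URL that was passed to `loadURL`.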