AUXCLICK_HTML_CHECK

Anthony Trummer edited this page Jan 6, 2022 · 4 revisions

AUXCLICK_HTML_CHECK - Limit navigation flows to untrusted origins

The creation of a new browser window or the navigation to untrusted origins may lead to severe vulnerabilities. Additionally, middle-click causes Electron to open a link within a new window. Under certain circumstances, this can be leveraged to execute arbitrary JavaScript in the context of a new window.


Risk

Navigation to untrusted origins can facilitate attacks, so it is recommended to limit the ability of a BrowserWindow or webview guest page to initiate new navigation flows. Middle-click events can be leveraged to subvert the flow of the application.

Auditing

Creation of a new window or the navigation to a specific origin can be inspected and validated using callbacks for the new-window and will-navigate events. Your application can limit the navigation flows by implementing something like:

win.webContents.on('will-navigate', (event, newURL) => {
    // Block the navigation unless the destination is the trusted origin
    if (new URL(newURL).origin !== 'https://doyensec.com') {
        event.preventDefault();
    }
});

However, libchromiumcontent will trigger middle-click events as auxclick instead of click.

If you use webview, your application has to explicitly disable this insecure behavior using something like:

<webview src="https://www.github.com/" disableblinkfeatures="Auxclick"></webview>
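The audit described above can be approximated with a small scanner that flags every webview tag whose disableblinkfeatures list does not contain Auxclick. This is an added example, not code from the original page or from the check's own implementation; the names findAuxclickFindings, parseAttributes and SAMPLE_HTML are hypothetical, the sample markup is constructed, and the regex-based tag matching is a simplification that assumes no ">" inside attribute values.

```javascript
// Parse the attributes of one opening <webview ...> tag into a map.
// Attribute names are lowercased because HTML attribute names are case-insensitive.
function parseAttributes(tagSource) {
  const attrs = {};
  const body = tagSource.replace(/^<\s*webview/i, '').replace(/\/?>$/, '');
  const attrRe = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = attrRe.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Return one finding per <webview> tag that leaves Auxclick enabled.
function findAuxclickFindings(html) {
  const findings = [];
  const tagRe = /<\s*webview\b[^>]*>/gi; // opening tags only; "</webview>" does not match
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = parseAttributes(m[0]);
    // disableblinkfeatures is a comma-separated list of Blink feature names.
    const disabled = (attrs.disableblinkfeatures || '')
      .split(',')
      .map((name) => name.trim());
    // Exact-case match is a conservative assumption: anything else is reported.
    if (!disabled.includes('Auxclick')) {
      const line = html.slice(0, m.index).split('\n').length; // 1-based line number
      findings.push({ line, src: attrs.src ?? null });
    }
  }
  return findings;
}

// Constructed sample input: lines 2 and 4 should be reported.
const SAMPLE_HTML = [
  '<webview src="https://www.github.com/" disableblinkfeatures="Auxclick"></webview>',
  '<webview src="https://example.com/"></webview>',
  "<WebView SRC='https://example.org/' disableBlinkFeatures='CSSVariables, Auxclick'></WebView>",
  '<webview src="https://example.net/" disableblinkfeatures="CSSVariables"></webview>',
].join('\n');

for (const f of findAuxclickFindings(SAMPLE_HTML)) {
  console.log(`line ${f.line}: webview ${f.src} does not disable Auxclick`);
}
```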
