From 92d8a5e254c7086c19fbc6611abf103a5d87adf0 Mon Sep 17 00:00:00 2001 From: Daniel Scalzi Date: Wed, 25 Apr 2018 17:51:10 -0400 Subject: [PATCH] Disable eval(), its use is not needed and improves security. --- app/assets/js/scripts/actionbinder.js | 4 ++-- app/assets/js/scripts/uicore.js | 6 ++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/app/assets/js/scripts/actionbinder.js b/app/assets/js/scripts/actionbinder.js index ff7d779..1ec41cf 100644 --- a/app/assets/js/scripts/actionbinder.js +++ b/app/assets/js/scripts/actionbinder.js @@ -13,9 +13,9 @@ document.addEventListener('readystatechange', function(){ } } - if (document.readyState === 'interactive'){ + /*if (document.readyState === 'interactive'){ - } + }*/ }, false) /* Overlay Wrapper Functions */ diff --git a/app/assets/js/scripts/uicore.js b/app/assets/js/scripts/uicore.js index c2812e2..6cc9906 100644 --- a/app/assets/js/scripts/uicore.js +++ b/app/assets/js/scripts/uicore.js @@ -8,6 +8,12 @@ const $ = require('jquery'); const {remote, shell, webFrame} = require('electron') +// Disable eval function. +// eslint-disable-next-line +window.eval = global.eval = function () { + throw new Error('Sorry, this app does not support window.eval().') +} + // Disable zoom, needed for darwin. webFrame.setZoomLevel(0) webFrame.setVisualZoomLevelLimits(1, 1)
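Review bot: In actionbinder.js the empty `document.readyState === 'interactive'` branch is commented out rather than deleted, which leaves dead code inside the `readystatechange` listener. Removing the three lines outright is cleaner, and git history keeps the old version if it is ever needed. The edit is also unrelated to the eval change named in the subject, so it would be easier to review as its own commit. The listener body starts outside the hunk.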
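Review bot: Overwriting `window.eval` and `global.eval` in uicore.js removes only that one binding, so it is a convention rather than an enforced control: `new Function(...)` and string arguments to `setTimeout`/`setInterval` still compile strings, and the property stays writable. A Content-Security-Policy on the page without `'unsafe-eval'`, for example `<meta http-equiv="Content-Security-Policy" content="script-src 'self'">` adjusted to the sources the page really loads, would have the engine block all of these, with this override kept as a second layer. Because this renderer calls `require`, Node's `vm` module is presumably reachable too and is covered by neither measure, so it is worth checking whether Node integration is needed here. The bare `// eslint-disable-next-line` silences every rule on the following line; name the specific rule it is meant to suppress. The error text mentions only `window.eval()` although `global.eval` is replaced as well.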