Disable eval(), its use is not needed and improves security.

This commit is contained in:
Daniel Scalzi 2018-04-25 17:51:10 -04:00
parent 1b38629084
commit 92d8a5e254
No known key found for this signature in database
GPG Key ID: 5CA2F145B63535F9
2 changed files with 8 additions and 2 deletions

View File

@ -13,9 +13,9 @@ document.addEventListener('readystatechange', function(){
} }
} }
if (document.readyState === 'interactive'){ /*if (document.readyState === 'interactive'){
} }*/
}, false) }, false)
/* Overlay Wrapper Functions */ /* Overlay Wrapper Functions */

View File

@ -8,6 +8,12 @@
const $ = require('jquery'); const $ = require('jquery');
const {remote, shell, webFrame} = require('electron') const {remote, shell, webFrame} = require('electron')
// Disable eval function.
// eslint-disable-next-line
window.eval = global.eval = function () {
throw new Error('Sorry, this app does not support window.eval().')
}
// Disable zoom, needed for darwin. // Disable zoom, needed for darwin.
webFrame.setZoomLevel(0) webFrame.setZoomLevel(0)
webFrame.setVisualZoomLevelLimits(1, 1) webFrame.setVisualZoomLevelLimits(1, 1)