Merge pull request #1404 from crypto-com/dev

crypto-matto · web-flow · commit 345bc67d83c3 · 2024-01-16T17:23:40.000+08:00
Internal Release v1.4.7
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -41,10 +41,10 @@ jobs:
           # Log in to Snap Store
           snapcraft_token: ${{ secrets.snapcraft_token }}
 
-      - name: Install AzureSignTool
-        # Only install Azure Sign Tool on Windows
-        if: startsWith(matrix.os, 'windows')
-        run: dotnet tool install --global AzureSignTool
+      # - name: Install AzureSignTool
+      #  # Only install Azure Sign Tool on Windows
+      #   if: startsWith(matrix.os, 'windows')
+      #   run: dotnet tool install --global AzureSignTool
 
       - name: Extract current branch name
         shell: bash
@@ -76,7 +76,7 @@ jobs:
 
       - name: Build/release Electron app (MacOS, Ubuntu, Windows)
         uses: samuelmeuli/action-electron-builder@v1
-        if: startsWith(matrix.os, 'macos') || startsWith(matrix.os, 'ubuntu')
+        # if: startsWith(matrix.os, 'macos') || startsWith(matrix.os, 'ubuntu')
         with:
 
           build_script_name: electron:pre-build
@@ -96,43 +96,43 @@ jobs:
           API_KEY_ID: ${{ secrets.mac_api_key_id }}
           API_KEY_ISSUER_ID: ${{ secrets.mac_api_key_issuer_id }}
           
-      - name: Build Electron app (Windows)
-        if: startsWith(matrix.os, 'windows')
-        run: |
-          yarn run electron:build
-
-      - name: Sign built binary (Windows)
-        if: startsWith(matrix.os, 'windows')
-        # Instead of pointing to a specific .exe, uses a PowerShell script which iterates through all the files stored in dist folder. 
-        # If the file has the .exe extension, then it will use the AzureSignTool command to sign it.
-        run: |
-              cd dist; Get-ChildItem -recurse -Include **.exe | ForEach-Object {
-              $exePath = $_.FullName
-              & AzureSignTool sign -kvu "${{ secrets.azure_key_vault_url }}" -kvi "${{ secrets.azure_key_vault_client_id }}" -kvt "${{ secrets.azure_key_vault_tenant_id }}" -kvs "${{ secrets.azure_key_vault_client_secret }}" -kvc "${{ secrets.azure_key_vault_name }}" -tr http://timestamp.digicert.com -v $exePath
-              }; cd ..
-
-      - name: Cleanup artifacts (Windows)
-        if: startsWith(matrix.os, 'windows')
-        run: |
-          mkdir dist/temp; Move-Item -Path dist/*.exe, dist/*.blockmap, dist/latest.yml -Destination dist/temp
-          npx rimraf "dist/!(temp)"
-          npx rimraf "dist/.icon-ico"
-          mv dist/temp/* dist
-          npx rimraf "dist/temp"
-
-      - name: Upload artifacts (Windows)
-        uses: actions/upload-artifact@v2
-        if: startsWith(matrix.os, 'windows')
-        with:
-          name: ${{ matrix.os }}
-          path: dist
-
-      - name: Release Electron app (Windows)
-        uses: softprops/action-gh-release@v1
-        if: startsWith(matrix.os, 'windows')
-        with:
-          draft: true
-          tag_name: v${{ steps.package_json.outputs.version }}
-          files: "dist/**"
-        env:
-          GITHUB_TOKEN: ${{ secrets.github_token }}
+      # - name: Build Electron app (Windows)
+      #   if: startsWith(matrix.os, 'windows')
+      #   run: |
+      #     yarn run electron:build
+
+      # - name: Sign built binary (Windows)
+      #   if: startsWith(matrix.os, 'windows')
+      #   # Instead of pointing to a specific .exe, uses a PowerShell script which iterates through all the files stored in dist folder. 
+      #   # If the file has the .exe extension, then it will use the AzureSignTool command to sign it.
+      #   run: |
+      #         cd dist; Get-ChildItem -recurse -Include **.exe | ForEach-Object {
+      #         $exePath = $_.FullName
+      #         & AzureSignTool sign -kvu "${{ secrets.azure_key_vault_url }}" -kvi "${{ secrets.azure_key_vault_client_id }}" -kvt "${{ secrets.azure_key_vault_tenant_id }}" -kvs "${{ secrets.azure_key_vault_client_secret }}" -kvc "${{ secrets.azure_key_vault_name }}" -tr http://timestamp.digicert.com -v $exePath
+      #         }; cd ..
+
+      # - name: Cleanup artifacts (Windows)
+      #   if: startsWith(matrix.os, 'windows')
+      #   run: |
+      #     mkdir dist/temp; Move-Item -Path dist/*.exe, dist/*.blockmap, dist/latest.yml -Destination dist/temp
+      #     npx rimraf "dist/!(temp)"
+      #     npx rimraf "dist/.icon-ico"
+      #     mv dist/temp/* dist
+      #     npx rimraf "dist/temp"
+
+      # - name: Upload artifacts (Windows)
+      #   uses: actions/upload-artifact@v2
+      #   if: startsWith(matrix.os, 'windows')
+      #   with:
+      #     name: ${{ matrix.os }}
+      #     path: dist
+
+      # - name: Release Electron app (Windows)
+      #   uses: softprops/action-gh-release@v1
+      #   if: startsWith(matrix.os, 'windows')
+      #   with:
+      #     draft: true
+      #     tag_name: v${{ steps.package_json.outputs.version }}
+      #     files: "dist/**"
+      #   env:
+      #     GITHUB_TOKEN: ${{ secrets.github_token }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,9 @@ All notable changes to this project will be documented in this file.
 *Unreleased*
 
 *Released*
+## [v1.4.7] - 2024-01-16
+### Additions
+- Security enhancement on DApp Browser
 ## [v1.4.6] - 2023-12-04
 ### Additions
 - Adapt to Christmas Theme
diff --git a/electron/main.ts b/electron/main.ts
@@ -160,7 +160,7 @@ function createWindow() {
 
   // DevTools
   installExtension(REACT_DEVELOPER_TOOLS)
-    .then(name => console.log(`Added Extension:  ${name}`))
+    .then()
     .catch(err => console.log('An error occurred: ', err));
 
   if (isDev) {
@@ -197,14 +197,50 @@ app.on('ready', async function () {
 });
 
 app.on('web-contents-created', (event, contents) => {
+  
+  if (contents.getType() == 'window') {
+    contents.on('will-navigate', (event, url) => {
+      if (!isValidURL(url)) {
+        event.preventDefault();
+        return;
+      }
+    })
+  }
+
   if (contents.getType() == 'webview') {
+    // blocks any new windows from being opened
+    contents.setWindowOpenHandler((detail) => {
+
+      if (isValidURL(detail.url)) {
+        return {action: 'allow'};
+      }
+
+      console.log('open url reject, not valid', detail.url);
+      return {action: 'deny'};
+    })
+    
+    // new-window api deprecated, but still working for now
+    contents.on('new-window', (event, url, frameName, disposition, options) => {
+      options.webPreferences = {
+        ...options.webPreferences,
+        javascript: false,
+      };
+      
+      if (!isValidURL(url)) {
+        event.preventDefault();
+        return;
+      }
+
+      require('electron').shell.openExternal(url);
+    })
+
     contents.on('will-navigate', (event, url) => {
       if (!isValidURL(url)) {
         event.preventDefault();
       }
     })
 
-    // bolcks 301/302 redirect if the url is not valid
+    // blocks 301/302 redirect if the url is not valid
     contents.on('will-redirect', (event, url) => {
       if (!isValidURL(url)) {
         event.preventDefault();
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "chain-desktop-wallet",
-  "version": "1.4.6",
+  "version": "1.4.7",
   "description": "Crypto.com DeFi Desktop Wallet App",
   "repository": "github:crypto-com/chain-desktop-wallet",
   "author": "Crypto.com <contact@crypto.com>",
diff --git a/public/icon.png b/public/icon.png

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "chain-desktop-wallet",`
`3`		`- "version": "1.4.6",`
	`3`	`+ "version": "1.4.7",`
`4`	`4`	`"description": "Crypto.com DeFi Desktop Wallet App",`
`5`	`5`	`"repository": "github:crypto-com/chain-desktop-wallet",`
`6`	`6`	`"author": "Crypto.com <contact@crypto.com>",`