max
/
tauri-plugins-workspace
mirror of https://github.com/tauri-apps/plugins-workspace
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'beab018b21'
${ noResults }
tauri-plugins-workspace/.changes/fix-shell-open-scope.md

591 B
Raw Blame History

shell shell-js
patch:bug patch:bug

Apply the default open validation regex ^((mailto:\w+)|(tel:\w+)|(https?://\w+)).+ when the open configuration is not set, preventing unchecked input from being used in this scenario (previously the plugin would skip validation when it should disable all calls). This keeps backwards compatibility while still fixing this vulnerability. The scope is no longer validated for Rust calls via ShellExt::shell() so if you need to block JavaScript from calling the API you can simply set tauri.conf.json > plugins > shell > open to false.