From 17fcae570bda7de94afead62f9a1e2b05d450b76 Mon Sep 17 00:00:00 2001
From: CHaBou
Date: Tue, 5 Feb 2019 05:39:36 +0100
Subject: [PATCH] Fix electron window.open vulnerability (#3457)
* Fix electron window.open vulnerability
* Comment to remove fix when merged into Hyper3
---
 app/ui/window.js | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/app/ui/window.js b/app/ui/window.js
index 751583c5d6a9..0a8a0d278e09 100644
--- a/app/ui/window.js
+++ b/app/ui/window.js
@@ -226,6 +226,10 @@ module.exports = class Window {
 }
 });
+ // mitigate a security issue: https://electronjs.org/blog/window-open-fix
+ // TODO: remove when merged into Hyper 3 (already has the fix via electron)
+ window.webContents.on('-add-new-contents', e => e.preventDefault());
+
 // expose internals to extension authors
 window.rpc = rpc;
 window.sessions = sessions;
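Review bot: The `-add-new-contents` listener is attached only to this one `window.webContents`, so any other web contents the app creates (a `<webview>` or a second window, neither visible in this hunk) would not receive the mitigation. If such contents exist, registering it once at app level would cover all of them, e.g. `app.on('web-contents-created', (event, contents) => contents.on('-add-new-contents', e => e.preventDefault()));`, assuming `app` is available where that runs. The event name is a private Electron one, so the comment should also say that it blocks every child window opened via `window.open` and name the Electron version that makes it removable, e.g. `// blocks all child webContents; drop once electron >= <fixed version>`. The enclosing constructor starts and ends outside the hunk.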