From 5d64df141b58c9982803477d2cd821ca3bd6283f Mon Sep 17 00:00:00 2001
From: "trop[bot]" <trop[bot]@users.noreply.github.com>
Date: Wed, 30 Jan 2019 09:58:05 -0800
Subject: [PATCH] fix: don't forward IPC filtering events to app for dev-tools
 and extensions (#16613)

---
 lib/browser/api/web-contents.js | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/lib/browser/api/web-contents.js b/lib/browser/api/web-contents.js
index adbe7e5710d5a..4fcef7c05f0af 100644
--- a/lib/browser/api/web-contents.js
+++ b/lib/browser/api/web-contents.js
@@ -358,6 +358,17 @@ const addReplyInternalToEvent = (event) => {
   })
 }
 
+const safeProtocols = new Set([
+  'chrome-devtools:',
+  'chrome-extension:'
+])
+
+const isWebContentsTrusted = function (contents) {
+  const pageURL = contents._getURL()
+  const { protocol } = url.parse(pageURL)
+  return safeProtocols.has(protocol)
+}
+
 // Add JavaScript wrappers for WebContents class.
 WebContents.prototype._init = function () {
   // The navigation controller.
@@ -428,7 +439,9 @@ WebContents.prototype._init = function () {
 
   for (const eventName of forwardedEvents) {
     this.on(eventName, (event, ...args) => {
-      app.emit(eventName, event, this, ...args)
+      if (!isWebContentsTrusted(event.sender)) {
+        app.emit(eventName, event, this, ...args)
+      }
     })
   }