From ddc6b29f42024f796437e04783a63c00f3ec7c98 Mon Sep 17 00:00:00 2001
From: Milan Burda
Date: Sun, 27 Jan 2019 16:53:58 +0100
Subject: [PATCH] fix: don't forward IPC filtering events to app for dev-tools and extensions
---
 lib/browser/api/web-contents.js | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/lib/browser/api/web-contents.js b/lib/browser/api/web-contents.js
index 2b8a5c5fce2e9..d3a012ff71ffa 100644
--- a/lib/browser/api/web-contents.js
+++ b/lib/browser/api/web-contents.js
@@ -365,6 +365,17 @@ const addReturnValueToEvent = (event) => {
 })
 }
+const safeProtocols = new Set([
+ 'chrome-devtools:',
+ 'chrome-extension:'
+])
+
+const isWebContentsTrusted = function (contents) {
+ const pageURL = contents._getURL()
+ const { protocol } = url.parse(pageURL)
+ return safeProtocols.has(protocol)
+}
+
 // Add JavaScript wrappers for WebContents class.
 WebContents.prototype._init = function () {
 // The navigation controller.
@@ -425,7 +436,9 @@ WebContents.prototype._init = function () {
 for (const eventName of forwardedEvents) {
 this.on(eventName, (event, ...args) => {
- app.emit(eventName, event, this, ...args)
+ if (!isWebContentsTrusted(event.sender)) {
+ app.emit(eventName, event, this, ...args)
+ }
 })
 }
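Review bot: `safeProtocols` and `isWebContentsTrusted` form a trust boundary but carry no comment saying so: any contents whose current URL parses to `chrome-devtools:` or `chrome-extension:` is treated as trusted, and the second hunk uses that result to skip the app-level handlers. An application that loads extensions it did not author would, as far as this hunk shows, lose its app-level filtering for those extension pages, so the assumption should be written down next to the list. I would add above the set `// Contents on these schemes bypass the app-level IPC filter events; every entry here widens what runs unfiltered.` An empty or unparsable URL yields a protocol that is not in the set, so the check fails closed, which is worth stating in the same comment.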
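Review bot: The new guard dereferences `event.sender`, so a forwarded event emitted without a `sender` would throw at `contents._getURL()` inside `isWebContentsTrusted` rather than reach `app.emit`. The listener is registered on `this`, which appears to be the same contents, so `if (!isWebContentsTrusted(this)) {` would not depend on the event's shape. The guard also covers every name in `forwardedEvents`, which is defined outside the hunk; if that list holds anything besides filtering events, those are silently dropped for dev-tools and extension contents as well. A one-line comment such as `// app-level filters are not consulted for dev-tools/extension contents` would make the silent drop explicit. The body of `_init` starts and ends outside this hunk.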