Remove preventdrag script.

This was not a security feature; security is enforced using context isolation and the same-origin policy. Furthermore, navigation on drag-and-drop was already disabled by default in Electron 3.0. https://www.electronjs.org/blog/electron-3-0#breaking-api-changes Signed-off-by: Anders Kaseorg <[email protected]>
aryanshridhar · Nov 18, 2020 · ba432d3 · ba432d3
1 parent c8ada3f
commit ba432d3
Show file tree

Hide file tree

Showing 5 changed files with 0 additions and 24 deletions.
diff --git a/app/renderer/about.html b/app/renderer/about.html
@@ -28,6 +28,5 @@
             const version_tag = document.querySelector('#version');
             version_tag.textContent = 'v' + app.getVersion();
         </script>
-        <script>require('./js/shared/preventdrag.js')</script>
     </body>
 </html>
diff --git a/app/renderer/js/preload.ts b/app/renderer/js/preload.ts
@@ -7,10 +7,6 @@ import electron_bridge from './electron-bridge';
 import {loadBots} from './notification/helpers';
 import * as NetworkError from './pages/network';
 
-// Prevent drag and drop event in main process which prevents remote code executaion
-// eslint-disable-next-line import/no-unassigned-import
-import './shared/preventdrag';
-
 contextBridge.exposeInMainWorld('raw_electron_bridge', electron_bridge);
 
 electron_bridge.once('zulip-loaded', async () => {

diff --git a/app/renderer/js/shared/preventdrag.ts b/app/renderer/js/shared/preventdrag.ts
diff --git a/app/renderer/main.html b/app/renderer/main.html
@@ -61,5 +61,4 @@
         // it messes up require module path resolution
         require('./js/main');
     </script>
-    <script>require('./js/shared/preventdrag.js')</script>
 </html>
diff --git a/app/renderer/preference.html b/app/renderer/preference.html
@@ -16,6 +16,5 @@
     <script>
         document.querySelector('#tagify-css').href = require.resolve('@yaireo/tagify/dist/tagify.css');
         require('./js/pages/preference/preference.js');
-        require('./js/shared/preventdrag.js')
     </script>
 </html>