From 38e57d5b3be217a990e9a8cd002bc44de815ebe2 Mon Sep 17 00:00:00 2001
From: maple <kirby741852963@gmail.com>
Date: Mon, 19 Jun 2023 15:39:03 +0800
Subject: [PATCH] Fix command injection in link handler

---
 src/main/base/app.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/base/app.ts b/src/main/base/app.ts
index 6ca2fc5bb..feb96eb1f 100644
--- a/src/main/base/app.ts
+++ b/src/main/base/app.ts
@@ -173,7 +173,7 @@ export class AppEvents {
         console.log("token: ", authURI.split("lastfm?token=")[1]);
         utils
           .getWindow()
-          .webContents.executeJavaScript(`ipcRenderer.send('lastfm:auth', "${authURI.split("lastfm?token=")[1]}")`)
+          .webContents.executeJavaScript(`ipcRenderer.send('lastfm:auth', ${JSON.stringify(authURI.split("lastfm?token=")[1])})`)
           .catch(console.error);
       }
     } else if (arg.includes("playpause")) {
@@ -220,7 +220,7 @@ export class AppEvents {
     } else if (arg.includes("/beep")) {
       shell.beep();
     } else {
-      utils.getWindow().webContents.executeJavaScript(`app.appRoute('${arg.split("//")[1]}')`);
+      utils.getWindow().webContents.executeJavaScript(`app.appRoute(${JSON.stringify(arg.split("//")[1])})`);
     }
   }