LIMIT_NAVIGATION_GLOBAL_CHECK
Anthony Trummer edited this page Jan 6, 2022 · 5 revisions
LIMIT_NAVIGATION_GLOBAL_CHECK - Missing navigation limits using .on 'new-window' and 'will-navigate' events
This Global Check detects if the atomic LIMIT_NAVIGATION_JS_CHECK is missing, meaning that the .on call for 'new-window' and 'will-navigate' is never made in the target application to limit the application's navigation to only trusted origins.
This setting can be used to limit the exploitability of certain issues. Not enforcing navigation limits can result in the Electron application being under the full control of remote origins in case of accidental navigation.
Check for callbacks on the 'will-navigate' and the 'new-window' events. These callbacks should be implemented to exclude potential flaws in the origin's validation mechanism.
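One way to implement the callbacks this check looks for, as an added example that is not part of the original wiki page or the project's own code. TRUSTED_ORIGINS, isTrustedUrl and limitNavigation are hypothetical names, and the origin value is constructed.

```javascript
// Added example: allow-list navigation guard for Electron webContents.
// TRUSTED_ORIGINS and both function names are assumptions for illustration.
const TRUSTED_ORIGINS = new Set(['https://app.example.com']); // constructed value

// Parse the URL and compare its origin exactly. Prefix or substring checks
// such as url.startsWith('https://app.example.com') also accept
// https://app.example.com.other.test, which is the kind of validation flaw
// to look for when reviewing these callbacks.
function isTrustedUrl(rawUrl) {
  try {
    const u = new URL(rawUrl);
    return u.protocol === 'https:' && TRUSTED_ORIGINS.has(u.origin);
  } catch {
    return false; // unparsable URLs are never trusted
  }
}

// Register both handlers on a webContents-like object (anything with .on).
// Untrusted destinations are cancelled with event.preventDefault().
function limitNavigation(contents) {
  contents.on('will-navigate', (event, url) => {
    if (!isTrustedUrl(url)) event.preventDefault();
  });
  contents.on('new-window', (event, url) => {
    if (!isTrustedUrl(url)) event.preventDefault();
  });
  return contents;
}

// In an Electron main process the guard would be applied to every
// webContents as it is created:
//   app.on('web-contents-created', (_e, contents) => limitNavigation(contents));
```

Recent Electron releases replaced the 'new-window' event with webContents.setWindowOpenHandler, so an application on those versions needs the same origin check in that handler.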