From 4d9fcf936dfdbc23ce905e163f44dace7ebaf171 Mon Sep 17 00:00:00 2001
From: Jerrod Lankford <jllankfo@ncsu.edu>
Date: Tue, 14 Sep 2021 20:40:34 -0400
Subject: [PATCH] Fix security vulnerability and remove menu  on customize page

---
 src/main.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/main.js b/src/main.js
index bf1d125..a76052e 100644
--- a/src/main.js
+++ b/src/main.js
@@ -6,6 +6,7 @@ const path = require('path');
 const ThemeInjector = require('./utils/themeInjector');
 const MenuInjector = require('./utils/menuInjector');
 const Store = require('electron-store');
+const Url = require('url');
 
 // Constants
 const store = new Store();
@@ -69,6 +70,7 @@ ipcMain.on('show-customize', () => {
         }
     });
     win.setBrowserView(view);
+    win.removeMenu();
     view.setBounds({ x: 0, y: 0, width: 800, height: 600 });
     view.webContents.loadFile(path.join(appPath, 'src', 'pages', 'customize.html'));
 
@@ -160,7 +162,8 @@ function createWindow() {
         // signed into services that need authentication (e.g. Spotify).  Note that if the user ever gets
         // stuck navigated somewhere that isn't the main Google Voice page, they can always use the "Reload"
         // item in the notification area icon context menu to get back to the Google Voice home page.
-        if ((url.startsWith('https://voice.google.com') || url.startsWith('https://accounts.google.com'))) {
+        const hostName = Url.parse(url).hostname;
+        if ( hostName === 'voice.google.com' || hostName === 'accounts.google.com') {
             win && win.loadURL(url);
         }
         else {