From 417e53cb137937e4053afe6b294bdebecfba60e4 Mon Sep 17 00:00:00 2001
From: Devin Binnie <52460000+devinbinnie@users.noreply.github.com>
Date: Mon, 6 Mar 2023 09:11:39 -0500
Subject: [PATCH] [MM-50948] Prevent popup windows from navigating outside of
 the plugin/managed resource URLs (#2580)

---
 src/main/views/webContentEvents.ts | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/main/views/webContentEvents.ts b/src/main/views/webContentEvents.ts
index e9755407..e7c808a5 100644
--- a/src/main/views/webContentEvents.ts
+++ b/src/main/views/webContentEvents.ts
@@ -187,6 +187,17 @@ export class WebContentsEventManager {
                             spellcheck: (typeof spellcheck === 'undefined' ? true : spellcheck),
                         },
                     });
+                    this.popupWindow.webContents.on('will-redirect', (event, url) => {
+                        const parsedURL = urlUtils.parseURL(url);
+                        if (!parsedURL) {
+                            event.preventDefault();
+                            return;
+                        }
+
+                        if (urlUtils.isInternalURL(serverURL, parsedURL) && !urlUtils.isPluginUrl(serverURL, parsedURL) && !urlUtils.isManagedResource(serverURL, parsedURL)) {
+                            event.preventDefault();
+                        }
+                    });
                     this.popupWindow.webContents.setWindowOpenHandler(this.denyNewWindow);
                     this.popupWindow.once('ready-to-show', () => {
                         this.popupWindow!.show();