From 3b6be1434b344229c5dc676032c033ad4766c515 Mon Sep 17 00:00:00 2001
From: Anirudh Sevugan
Date: Thu, 27 Feb 2025 21:57:13 +0530
Subject: [PATCH] Update renderer.js
---
 simpliplay/renderer.js | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/simpliplay/renderer.js b/simpliplay/renderer.js
index 88d6edd..ed1e275 100644
--- a/simpliplay/renderer.js
+++ b/simpliplay/renderer.js
@@ -1,8 +1,3 @@
-// Listen for media file URL from main process
-window.electron.receive("play-media", (fileURL) => {
- loadMedia(fileURL);
-});
-
 function loadMedia(fileURL) {
 dialogOverlay.style.display = 'none';
 const mediaElement = document.getElementById("mediaPlayer");
@@ -18,3 +13,23 @@ function loadMedia(fileURL) {
 };
 }
 }
+
+// Validate media URL
+function isSafeURL(fileURL) {
+ try {
+ const url = new URL(fileURL);
+ return url.protocol === "file:";
+ } catch (error) {
+ return false;
+ }
+}
+
+
+// ✅ Listen for "play-media" event from main process securely
+window.electron.receive("play-media", (fileURL) => {
+ if (isSafeURL(fileURL)) {
+ loadMedia(fileURL);
+ } else {
+ console.warn("Blocked unsafe media URL:", fileURL);
+ }
+});
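Review bot: `isSafeURL` in the second hunk checks only the scheme, so it also accepts `file:` URLs that carry a host (`file://host/share/...`), which on Windows resolve to a network share rather than a local file. If only local media is intended, require an empty host as well: `return url.protocol === "file:" && url.hostname === "";`. The guard sits in the `play-media` listener, so any other caller of `loadMedia` (whose body lies mostly outside this hunk) would bypass it; if such callers exist, running the same check at the top of `loadMedia` would cover them. The comment `// Validate media URL` could state what is actually enforced, for example `// Accept only file: URLs; returns false for anything that does not parse`.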