diff --git a/CHANGELOG.md b/CHANGELOG.md
index e6db2a7ac..618fd04da 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file. *Unreleased* *Released*
+## [v1.4.9] - 2024-03-07
+### Additions
+- Security enhancement on DApp Browser
+- Governance Proposal UX enhancement
 ## [v1.4.8] - 2024-01-25
 ### Additions
 - Security enhancement & package dependencies bump
diff --git a/package.json b/package.json
index 944e0df88..e2af56094 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "chain-desktop-wallet",
- "version": "1.4.8",
+ "version": "1.4.9",
 "description": "Crypto.com DeFi Desktop Wallet App",
 "repository": "github:crypto-com/chain-desktop-wallet",
 "author": "Crypto.com ",
@@ -9,7 +9,7 @@
 "main": "build/electron/main.js",
 "private": true,
 "scripts": {
- "run-audit": "yarn audit-ci --high -a 1094574 1094894",
+ "run-audit": "yarn audit-ci --high -a 1094574 1096494 1096640",
 "start": "node scripts/start.js",
 "build": "cross-env NODE_OPTIONS=--max_old_space_size=8192 && yarn clean-builds && node scripts/build.js",
 "test": "node scripts/test.js --watchAll=false",
diff --git a/src/language/en-US.json b/src/language/en-US.json
index 163fedf8d..613a28f89 100644
--- a/src/language/en-US.json
+++ b/src/language/en-US.json
@@ -592,6 +592,7 @@
 "staking.modal6.note.part5": "in order to broadcast this transaction successfully",
 "governance.title": "Governance",
 "governance.description": "You may see all proposals and cast your votes here.",
+ "governance.warning": "This proposal contains external links that may lead to suspicious websites. Please open with caution.",
 "governance.votingHistoryBtn": "View Voting History",
 "governance.tab1": "All",
 "governance.tab2": "Voting",
diff --git a/src/language/ko-KR.json b/src/language/ko-KR.json
index 05a996b86..102b9ca4d 100644
--- a/src/language/ko-KR.json
+++ b/src/language/ko-KR.json
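Review bot: The `run-audit` allowlist now skips advisories `1096494` and `1096640` (and no longer lists `1094894`), with nothing in the repository recording which package each id refers to or why it is acceptable to ignore. package.json cannot carry comments, so consider moving the list into an audit-ci config file, where each entry can sit next to a note naming the affected dependency, the reason it is not reachable, and a date to revisit it. Numeric advisory ids also appear to get reissued by the registry (this change looks like such a renumbering); if the installed audit-ci version accepts GHSA identifiers, those are more stable to pin.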
@@ -589,6 +589,7 @@
 "staking.modal6.note.part5": "이 거래를 성공적으로 발송하기 위해서",
 "governance.title": "거버넌스",
 "governance.description": "여기에서 모든 제안을 보고 투표할 수 있습니다.",
+ "governance.warning": "이 제안서에는 의심스러운 웹사이트로 이동할 수 있는 외부 링크가 포함되어 있습니다. 주의해서 열어주세요.",
 "governance.votingHistoryBtn": "투표 기록 보기",
 "governance.tab1": "모두",
 "governance.tab2": "투표",
diff --git a/src/language/zh-CN.json b/src/language/zh-CN.json
index a1d0b417a..1404d3bfb 100644
--- a/src/language/zh-CN.json
+++ b/src/language/zh-CN.json
@@ -592,6 +592,7 @@
 "staking.modal6.note.part5": "以完成此交易",
 "governance.title": "治理",
 "governance.description": "你可以在这里看到所有提案并行使你的投票权。",
+ "governance.warning": "此提案包含可能导向可疑网站的外部连结。请谨慎开启。",
 "governance.votingHistoryBtn": "查看投票历史",
 "governance.tab1": "所有",
 "governance.tab2": "投票中",
diff --git a/src/language/zh-HK.json b/src/language/zh-HK.json
index 6c82d3588..de5d22f2a 100644
--- a/src/language/zh-HK.json
+++ b/src/language/zh-HK.json
@@ -592,6 +592,7 @@
 "staking.modal6.note.part5": "以完成此交易",
 "governance.title": "治理",
 "governance.description": "你可以在這裡看到所有提案並行使你的投票權。",
+ "governance.warning": "此提案包含可能導向可疑網站的外部連結。請謹慎開啟。",
 "governance.votingHistoryBtn": "查看投票歷史",
 "governance.tab1": "所有",
 "governance.tab2": "投票中",
diff --git a/src/pages/dapp/browser/DappBrowser.tsx b/src/pages/dapp/browser/DappBrowser.tsx
index c24534ecc..4fe9ff932 100644
--- a/src/pages/dapp/browser/DappBrowser.tsx
+++ b/src/pages/dapp/browser/DappBrowser.tsx
@@ -120,6 +120,12 @@ const DappBrowser = forwardRef((props: DappBro
 errorCallback: Function;
 }>();
+ useEffect(() => {
+ if (isDOMReady && cronosAsset) {
+ webviewRef.current?.send('getAddress', [cronosAsset.address!]);
+ }
+ }, [cronosAsset, isDOMReady]);
+
 const onRequestAddress = useRefCallback((onSuccess: (address: string) => void) => {
 onSuccess(cronosAsset?.address!);
 });
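Review bot: The added effect re-sends `getAddress` whenever `cronosAsset` or `isDOMReady` changes, but the handler added in `preload.js` calls `contextBridge.exposeInMainWorld('ethereum', …)` on every message, and Electron refuses to bind a key that is already exposed; if `cronosAsset` changes identity after the first send, the preload would throw and the page would keep the first address. Expose the bridge once when the preload loads and reduce the handler to `ipcRenderer.on('getAddress', (_e, args) => provider.setAddress(args[0]));`. The `cronosAsset.address!` assertion also lets `undefined` through to the guest, so guard with `if (isDOMReady && cronosAsset?.address)`. The enclosing `DappBrowser` component starts and ends outside this hunk.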
@@ -425,7 +431,7 @@ const DappBrowser = forwardRef((props: DappBro
 preload={ProviderPreloadScriptPath}
 ref={webviewRef}
 allowpopups={'true' as any}
- webpreferences="contextIsolation=false, nodeIntegration=false, javascript=yes, allowpopup=yes"
+ webpreferences="contextIsolation=true, sandbox=true, nodeIntegration=false, javascript=yes, allowpopup=yes"
 useragent={window.navigator.userAgent.replace(
 'chain-desktop-wallet',
 'Desktop Wallet Build',
diff --git a/src/pages/dapp/browser/preload.js b/src/pages/dapp/browser/preload.js
index 8b986cd3a..1620208ee 100644
--- a/src/pages/dapp/browser/preload.js
+++ b/src/pages/dapp/browser/preload.js
@@ -1,8 +1,7 @@
 // !! if you change the location of this file, remember to change `extraResources` in package.json as well !!
 /* eslint-disable max-classes-per-file */
 /* eslint-disable */
-const { Buffer } = require('buffer');
-const { ipcRenderer } = require('electron');
+const { ipcRenderer, contextBridge } = require('electron');
 const EventEmitter = require('events');
 class RPCServer {
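Review bot: `allowpopups={'true' as any}` and `allowpopup=yes` remain on the element beside the new `contextIsolation=true, sandbox=true`, so pages loaded in the dapp browser can still open child windows, and nothing in this hunk shows how those windows are constrained. If dapps need popups, confirm the host restricts them (for example a window-open handler that denies them or routes them back into this sandboxed view); otherwise drop both popup flags. A short comment beside `webpreferences`, such as `/* preload.js relies on contextBridge; keep contextIsolation and sandbox enabled */`, would guard against a later revert. The enclosing JSX element starts and ends outside the hunk.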
@@ -568,4 +567,107 @@ const providerConfig = {
 rpcUrl: 'https://evm.cronos.org',
 isDebug: true,
 };
-window.ethereum = new window.desktopWallet.Provider(providerConfig);
+
+const provider = new Web3Provider(providerConfig);
+
+ipcRenderer.on('getAddress', (event, args) => {
+ const address = args[0];
+
+ contextBridge.exposeInMainWorld('ethereum', {
+ address,
+ ready: true,
+ isDesktopWallet: true,
+ setConfig: (config, emitChanges) => {
+ provider.setConfig(config, emitChanges);
+ },
+ request: payload => {
+ return provider.request(payload);
+ },
+ setAddress: address => {
+ provider.setAddress(address);
+ },
+ sendResponse: (id, result) => {
+ provider.sendResponse(id, result);
+ },
+ sendError: (id, error) => {
+ provider.sendError(id, error);
+ },
+ eth_accounts: () => {
+ return provider.eth_accounts();
+ },
+ eth_coinbase: () => {
+ return provider.eth_coinbase();
+ },
+ net_version: () => {
+ return provider.net_version();
+ },
+ eth_chainId: () => {
+ return provider.eth_chainId();
+ },
+ eth_sign: payload => {
+ return provider.eth_sign(payload);
+ },
+ personal_sign: payload => {
+ return provider.personal_sign(payload);
+ },
+ personal_ecRecover: payload => {
+ return provider.personal_ecRecover(payload);
+ },
+ eth_signTypedData: (payload, useV4) => {
+ return provider.eth_signTypedData(payload, useV4);
+ },
+ eth_sendTransaction: payload => {
+ return provider.eth_sendTransaction(payload);
+ },
+ eth_requestAccounts: payload => {
+ return provider.eth_requestAccounts(payload);
+ },
+ wallet_watchAsset: payload => {
+ return provider.wallet_watchAsset(payload);
+ },
+ wallet_addEthereumChain: payload => {
+ return provider.wallet_addEthereumChain(payload);
+ },
+ wallet_switchEthereumChain: payload => {
+ return provider.wallet_switchEthereumChain(payload);
+ },
+ isConnected: () => {
+ return provider.isConnected();
+ },
+ enable: () => {
+ return provider.enable();
+ },
+ send: payload => {
+ return provider.send(payload);
+ },
+ sendAsync: (payload,
callback) => {
+ return provider.sendAsync(payload, callback);
+ },
+ addEventListener: (event, callback) => {
+ provider.addListener(event, callback);
+ },
+ on: (event, callback) => {
+ provider.on(event, callback);
+ },
+ once: (event, callback) => {
+ provider.once(event, callback);
+ },
+ removeListener: (event, callback) => {
+ provider.removeListener(event, callback);
+ },
+ removeAllListeners: event => {
+ provider.removeAllListeners(event);
+ },
+ emit: (event, ...args) => {
+ provider.emit(event, ...args);
+ },
+ })
+ contextBridge.exposeInMainWorld('desktopWallet', {
+ Provider: Web3Provider,
+ postMessage: arg => {
+ ipcRenderer.sendToHost('dapp', arg);
+ },
+ })
+
+})
+
diff --git a/src/pages/governance/components/ProposalView.tsx b/src/pages/governance/components/ProposalView.tsx
index 680cf81b2..f754462ae 100644
--- a/src/pages/governance/components/ProposalView.tsx
+++ b/src/pages/governance/components/ProposalView.tsx
@@ -4,7 +4,7 @@ import Big from 'big.js';
 import '../governance.less';
 import 'antd/dist/antd.css';
 // eslint-disable-next-line @typescript-eslint/no-unused-vars
-import { Layout, Radio, Button, Card, Progress, Form, InputNumber, Spin } from 'antd';
+import { Layout, Radio, Button, Card, Progress, Form, InputNumber, Spin, Alert } from 'antd';
 import { LoadingOutlined } from '@ant-design/icons';
 import { useRecoilValue, useRecoilState } from 'recoil';
 import { useTranslation } from 'react-i18next';
@@ -307,11 +307,22 @@ export const ProposalView = (props: any) => { {allProps?.proposal?.proposal_id} - + {allProps.proposal?.content?.description.includes('http') ? +
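Review bot: The object exposed as `window.ethereum` hands the page wallet-side plumbing (`setConfig`, `setAddress`, `sendResponse`, `sendError`, `emit`) alongside the dapp-facing calls, so untrusted page script can presumably change the provider's address or configuration and feed itself fabricated responses. If the host only needs these to deliver results, keep them inside the preload behind `ipcRenderer.on(...)` handlers and expose just `request`, the `eth_*`/`wallet_*` calls and the listener methods. `Provider: Web3Provider` is also suspect, since contextBridge copies values without their prototypes and the class is unlikely to be constructible from the page; `postMessage` forwards page-controlled `arg` to the host, which should validate it before acting. The exposed `address` is a copy taken at expose time and will not follow `provider.setAddress`. `Web3Provider` and its methods are defined outside this hunk, so what each forwarded call does is inferred from its name.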
+ +
+ : <>}
- {allProps.proposal?.content?.description ? allProps.proposal?.content.description.split('\\n').map((p, i) => ( -

{p}

- )) :

(No description)

} + {allProps.proposal?.content?.description ? + allProps.proposal?.content.description.split(/\n|\\n/).map((p, i) => ( +

{p}

+ )) + :

(No description)

+ }
{allProps.proposal?.status === ProposalStatuses.PROPOSAL_STATUS_VOTING_PERIOD ? ( diff --git a/src/pages/governance/governance.less b/src/pages/governance/governance.less index 46a246247..68cfdf9dd 100644 --- a/src/pages/governance/governance.less +++ b/src/pages/governance/governance.less @@ -7,6 +7,9 @@ margin-bottom: 20px; color: @font-color; } + .warning{ + margin-bottom: 20px; + } .amount { .ant-form-item { margin: 0; diff --git a/yarn.lock b/yarn.lock index 0ad29f527..bc43b9e7c 100644 --- a/yarn.lock +++ b/yarn.lock @@ -5547,9 +5547,9 @@ asap@~2.0.6: integrity sha1-5QNHYR1+aQlDIIu9r+vLwvuGbUY= asar@^3.1.0: - version "3.1.0" - resolved "https://registry.yarnpkg.com/asar/-/asar-3.1.0.tgz#70b0509449fe3daccc63beb4d3c7d2e24d3c6473" - integrity sha512-vyxPxP5arcAqN4F/ebHd/HhwnAiZtwhglvdmc7BR2f0ywbVNTOpSeyhLDbGXtE/y58hv1oC75TaNIXutnsOZsQ== + version "3.2.0" + resolved "https://registry.yarnpkg.com/asar/-/asar-3.2.0.tgz#e6edb5edd6f627ebef04db62f771c61bea9c1221" + integrity sha512-COdw2ZQvKdFGFxXwX3oYh2/sOsJWJegrdJCGxnN4MZ7IULgRBp9P6665aqj9z1v9VwP4oP1hRBojRDQ//IGgAg== dependencies: chromium-pickle-js "^0.2.0" commander "^5.0.0" @@ -6374,13 +6374,13 @@ buffer-crc32@~0.2.3: buffer-equal@1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/buffer-equal/-/buffer-equal-1.0.0.tgz" - integrity sha1-WWFrSYME1Var1GaWayLu2j7KX74= + resolved "https://registry.yarnpkg.com/buffer-equal/-/buffer-equal-1.0.0.tgz#59616b498304d556abd466966b22eeda3eca5fbe" + integrity sha512-tcBWO2Dl4e7Asr9hTGcpVrCe+F7DubpmqWCTbj4FHLmjqO2hIaC383acQubWtRJhdceqs5uBHs6Es+Sk//RKiQ== buffer-fill@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/buffer-fill/-/buffer-fill-1.0.0.tgz#f8f78b76789888ef39f205cd637f68e702122b2c" - integrity sha1-+PeLdniYiO858gXNY39o5wISKyw= + integrity sha512-T7zexNBwiiaCOGDg9xNX9PBmjrubblRkENuptryuI64URkXDFum9il/JGL8Lm8wYfAXpredVXXZz7eMHilimiQ== buffer-from@^1.0.0: version "1.1.2" 
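Review bot: The new banner condition `allProps.proposal?.content?.description.includes('http')` drops the optional chain before `.includes`, so a proposal whose `content` exists but has no `description` (the case the `(No description)` branch below handles) would throw during render; use `description?.includes('http')`. The substring test is also a loose trigger for a security warning: it misses links written without a scheme and fires on any text that merely contains `http`, so a small URL-matching helper would be more reliable, if still heuristic. `ProposalView` starts and ends outside this hunk, and the JSX tags are missing from this rendering, so the surrounding markup could not be reviewed.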
@@ -7036,8 +7036,8 @@ colorette@^1.2.1, colorette@^1.2.2: colors@1.0.3: version "1.0.3" - resolved "https://registry.yarnpkg.com/colors/-/colors-1.0.3.tgz" - integrity sha1-BDP0TYCWgP3rYO0mDxsMJi6CpAs= + resolved "https://registry.yarnpkg.com/colors/-/colors-1.0.3.tgz#0433f44d809680fdeb60ed260f1b0c262e82a40b" + integrity sha512-pFGrxThWcWQ2MsAz6RtgeWe4NK2kUE1WfsrvvlctdII745EW9I0yflqhe7++M5LEc7bV2c/9/5zc8sFcpL0Drw== combined-stream@^1.0.6, combined-stream@^1.0.8, combined-stream@~1.0.6: version "1.0.8" @@ -7068,8 +7068,8 @@ command-line-usage@^6.1.0: commander@2.9.0: version "2.9.0" - resolved "https://registry.yarnpkg.com/commander/-/commander-2.9.0.tgz" - integrity sha1-nJkJQXbhIkDLItbFFGCYQA/g99Q= + resolved "https://registry.yarnpkg.com/commander/-/commander-2.9.0.tgz#9c99094176e12240cb22d6c5146098400fe0f7d4" + integrity sha512-bmkUukX8wAOjHdN26xj5c4ctEV22TQ7dQYhSmuckKhToXrkUn0iIaolHdIxYYqD55nhpSPA9zPQ1yP57GdXP2A== dependencies: graceful-readlink ">= 1.0.0" @@ -8335,7 +8335,7 @@ diffie-hellman@^5.0.0: dir-compare@^2.4.0: version "2.4.0" - resolved "https://registry.yarnpkg.com/dir-compare/-/dir-compare-2.4.0.tgz" + resolved "https://registry.yarnpkg.com/dir-compare/-/dir-compare-2.4.0.tgz#785c41dc5f645b34343a4eafc50b79bac7f11631" integrity sha512-l9hmu8x/rjVC9Z2zmGzkhOEowZvW7pmYws5CWHutg8u1JgvsKWMx7Q/UODeu4djLZ4FgW5besw5yvMQnBHzuCA== dependencies: buffer-equal "1.0.0" @@ -8731,7 +8731,7 @@ emoji-regex@^8.0.0: emoji-regex@^9.0.0: version "9.2.2" - resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-9.2.2.tgz" + resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-9.2.2.tgz#840c8803b0d8047f4ff0cf963176b32d4ef3ed72" integrity sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg== emojis-list@^3.0.0: 
@@ -10669,8 +10669,8 @@ graceful-fs@^4.2.9: "graceful-readlink@>= 1.0.0": version "1.0.1" - resolved "https://registry.yarnpkg.com/graceful-readlink/-/graceful-readlink-1.0.1.tgz" - integrity sha1-TK+tdrxi8C+gObL5Tpo906ORpyU= + resolved "https://registry.yarnpkg.com/graceful-readlink/-/graceful-readlink-1.0.1.tgz#4cafad76bc62f02fa039b2f94e9a3dd3a391a725" + integrity sha512-8tLu60LgxF6XpdbK8OW3FA+IfTNBn1ZHGHKF4KQbEeSkajYw5PlYJcKluntgegDPTg8UkHjpet1T82vk6TQ68w== growl@1.10.5: version "1.10.5"