From 9a0d007ae966884ec91ba7cb61ba0f466187064c Mon Sep 17 00:00:00 2001
From: Bruno Lemos
Date: Sat, 29 Dec 2018 21:07:43 -0200
Subject: [PATCH] [Security] Disable window.eval As recommended by Electron warning
---
 @types/electron/index.d.ts | 1 +
 packages/desktop/src/preload.ts | 2 ++
 packages/web/src/index.tsx | 5 +++++
 3 files changed, 8 insertions(+)
diff --git a/@types/electron/index.d.ts b/@types/electron/index.d.ts
index ed0db996..c85a5c94 100644
--- a/@types/electron/index.d.ts
+++ b/@types/electron/index.d.ts
@@ -1,6 +1,7 @@
 ///
 interface Window {
+ eval: never
 ipc: Electron.IpcRenderer
 process?: {
 type?: string
diff --git a/packages/desktop/src/preload.ts b/packages/desktop/src/preload.ts
index 297326fb..e2ff13fa 100644
--- a/packages/desktop/src/preload.ts
+++ b/packages/desktop/src/preload.ts
@@ -1,3 +1,5 @@
 import electron from 'electron'
+// Communication between webapp and electron main process
+// Used on oauth flow
 window.ipc = electron.ipcRenderer
diff --git a/packages/web/src/index.tsx b/packages/web/src/index.tsx
index 6a4f29ca..3c7c26cd 100644
--- a/packages/web/src/index.tsx
+++ b/packages/web/src/index.tsx
@@ -1,3 +1,8 @@
+// Security precaution
+;(window as any).eval = global.eval = () => {
+ throw new Error(`This app does not allow window.eval().`)
+}
+
 import '@babel/polyfill'
 import 'react-app-polyfill/ie9'
 import 'resize-observer-polyfill/dist/ResizeObserver.global'
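Review bot: In packages/desktop/src/preload.ts the added comment says the bridge exists for the OAuth flow, but the line it documents hands the entire `electron.ipcRenderer` object to the page, so every script that runs in the renderer can send on any channel, not only the OAuth one. The comment should record that scope, for example `// NOTE: exposes the full ipcRenderer to page scripts; main-process handlers must validate channel and arguments`. A narrower follow-up would expose only the functions the OAuth flow needs; the channel names are not visible in this patch, so that list has to come from the main-process code.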
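Review bot: In packages/web/src/index.tsx the override is written above the `import` lines, but static imports are hoisted under ES module semantics (and by Babel's CommonJS transform), so the polyfills and any other module this file imports may be evaluated before `window.eval` is replaced; whether that happens here depends on the build's module transform. Moving the assignment into its own module and importing it first, e.g. `import './disableEval'` (the file name is only a suggestion), makes the order explicit. The assignment also leaves `new Function(...)` and string arguments to `setTimeout`/`setInterval` untouched, and `global` is only defined in the web build if the bundler provides it, so a Content-Security-Policy without `'unsafe-eval'` is the control that covers all of these paths. The rest of index.tsx lies outside the hunk.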