d20306cc4f
I reviewed the CodeQL alerts for `js/electron.js`: - [#25](https://github.com/MagicMirrorOrg/MagicMirror/security/code-scanning/25) https://github.com/MagicMirrorOrg/MagicMirror/security/code-scanning/25 - [#22](https://github.com/MagicMirrorOrg/MagicMirror/security/code-scanning/22) https://github.com/MagicMirrorOrg/MagicMirror/security/code-scanning/22 Both point to real bugs. - [#25](https://github.com/MagicMirrorOrg/MagicMirror/security/code-scanning/25): The window size fallback was written as a comma expression (`(800, 600)`), so it did not produce the expected object structure `{ width, height }`. I am not surprised it went unnoticed because it sits in a fallback path. - [#22](https://github.com/MagicMirrorOrg/MagicMirror/security/code-scanning/22): `...new Set(electronSwitchesDefaults, config.electronSwitches)` silently ignored the second parameter. As a result, custom `electronSwitches` were never applied. I am wondering: this has been broken since PR #2643 introduced it, so I'm quite sure it could not have worked as intended in that form. Why didn't anyone (not even @eouia) notice that? 🤔 ## Changes - Fix for [#25](https://github.com/MagicMirrorOrg/MagicMirror/security/code-scanning/25): - Corrects the fallback from `(800, 600)` to a valid size object `{ width: 800, height: 600 }`. - Fix for [#22](https://github.com/MagicMirrorOrg/MagicMirror/security/code-scanning/22): - Sets the default switch explicitly as a correct key-value pair: - `app.commandLine.appendSwitch("autoplay-policy", "no-user-gesture-required")` - Applies custom `config.electronSwitches` individually afterward.
MagicMirror² is an open source modular smart mirror platform. With a growing list of installable modules, the MagicMirror² allows you to convert your hallway or bathroom mirror into your personal assistant. MagicMirror² is built by the creator of the original MagicMirror with the incredible help of a growing community of contributors.
MagicMirror² focuses on a modular plugin system and uses Electron as an application wrapper. So no more web server or browser installs necessary!
Documentation
For the full documentation including installation instructions, please visit our dedicated documentation website: https://docs.magicmirror.builders.
Links
- Website: https://magicmirror.builders
- Documentation: https://docs.magicmirror.builders
- Forum: https://forum.magicmirror.builders
- Technical discussions: https://forum.magicmirror.builders/category/11/core-system
- Discord: https://discord.gg/J5BAtvx
- Blog: https://michaelteeuw.nl/tagged/magicmirror
- Donations: https://magicmirror.builders/#donate
Contributing Guidelines
Contributions of all kinds are welcome, not only in the form of code but also with regards to
- bug reports
- documentation
- translations
For the full contribution guidelines, check out: https://docs.magicmirror.builders/about/contributing.html
Enjoying MagicMirror? Consider a donation!
MagicMirror² is Open Source and free. That doesn't mean we don't need any money.
Please consider a donation to help us cover the ongoing costs like webservers and email services. If we receive enough donations we might even be able to free up some working hours and spend some extra time improving the MagicMirror² core.
To donate, please follow this link.
