chore: trigger release

This was cherry picked from ee71c31fd0, keeping only the logic to block remote URLs from using the IPC.
PR: #5918

.changes/config.json

@@ -56,7 +56,6 @@
         }
       ],
       "postpublish": [
-        "git tag ${ pkg.pkg }-v${ pkgFile.versionMajor } -f",
         "git tag ${ pkg.pkg }-v${ pkgFile.versionMajor }.${ pkgFile.versionMinor } -f",
         "git push --tags -f"
       ],
@@ -116,7 +115,6 @@
         }
       ],
       "postpublish": [
-        "git tag ${ pkg.pkg }-v${ pkgFile.versionMajor } -f",
         "git tag ${ pkg.pkg }-v${ pkgFile.versionMajor }.${ pkgFile.versionMinor } -f",
         "git push --tags -f"
       ]

.github/workflows/publish-cli-js.yml

@@ -198,7 +198,6 @@ jobs:
           - host: windows-latest
             target: x86_64-pc-windows-msvc
         node:
-          - '12'
           - '14'
           - '16'
           - '18'
@@ -232,7 +231,6 @@ jobs:
       fail-fast: false
       matrix:
         node:
-          - '12'
           - '14'
           - '16'
           - '18'
@@ -270,7 +268,6 @@ jobs:
       fail-fast: false
       matrix:
         node:
-          - '12'
           - '14'
           - '16'
           - '18'
@@ -318,7 +315,6 @@ jobs:
       fail-fast: false
       matrix:
         node:
-          - '12'
           - '14'
           - '16'
           - '18'
@@ -401,4 +397,4 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.ORG_NPM_TOKEN }}
-          RELEASE_ID: ${{ github.event.inputs.releaseId }}
+          RELEASE_ID: ${{ github.event.client_payload.releaseId || github.event.inputs.releaseId }}

.github/workflows/publish-hotfix.yml

@@ -0,0 +1,69 @@
+# Copyright 2019-2021 Tauri Programme within The Commons Conservancy
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: MIT
+
+name: version or publish
+
+on:
+  push:
+    branches:
+      - '1.*'
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    timeout-minutes: 65
+    outputs:
+      change: ${{ steps.covector.outputs.change }}
+      commandRan: ${{ steps.covector.outputs.commandRan }}
+      successfulPublish: ${{ steps.covector.outputs.successfulPublish }}
+
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-node@v2
+        with:
+          node-version: 14
+          registry-url: 'https://registry.npmjs.org'
+          cache: yarn
+          cache-dependency-path: tooling/*/yarn.lock
+
+      - name: cargo login
+        run: cargo login ${{ secrets.ORG_CRATES_IO_TOKEN }}
+      - name: git config
+        run: |
+          git config --global user.name "${{ github.event.pusher.name }}"
+          git config --global user.email "${{ github.event.pusher.email }}"
+
+      - name: covector version or publish (publish when no change files present)
+        uses: jbolda/covector/packages/action@covector-v0
+        id: covector
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          CARGO_AUDIT_OPTIONS: ${{ secrets.CARGO_AUDIT_OPTIONS }}
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          command: 'version-or-publish'
+          createRelease: true
+
+      - name: Trigger cli.js publishing workflow
+        if: |
+          steps.covector.outputs.successfulPublish == 'true' &&
+          contains(steps.covector.outputs.packagesPublished, 'cli.rs')
+        uses: peter-evans/repository-dispatch@v1
+        with:
+          token: ${{ secrets.ORG_TAURI_BOT_PAT }}
+          repository: tauri-apps/tauri
+          event-type: publish-clijs
+          inputs: '{"releaseId": "${{ steps.covector.outputs.cli.js-releaseId }}" }'
+
+      - name: Trigger cli.rs publishing workflow
+        if: |
+          steps.covector.outputs.successfulPublish == 'true' &&
+          contains(steps.covector.outputs.packagesPublished, 'cli.rs')
+        uses: peter-evans/repository-dispatch@v1
+        with:
+          token: ${{ secrets.ORG_TAURI_BOT_PAT }}
+          repository: tauri-apps/tauri
+          event-type: publish-clirs

core/tauri-build/src/static_vcruntime.rs

@@ -54,5 +54,5 @@ fn override_msvcrt_lib() {
     f.write_all(bytes).unwrap();
   }
   // Add the output directory to the native library path.
-  println!("cargo:rustc-link-search=native={}", out_dir);
+  println!("cargo:rustc-link-search=native={out_dir}");
 }

core/tauri-runtime-wry/CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## \[0.12.3]
+
+- Block remote URLs from accessing the IPC.
+  - [9c0593c33](https://www.github.com/tauri-apps/tauri/commit/9c0593c33af52cd9e00ec784d15f63efebdf039c) feat(core): block remote URLs from accessing the IPC on 2023-04-12
+
 ## \[0.12.2]
 
 - Fix compatibility with older Linux distributions.

core/tauri-runtime-wry/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "tauri-runtime-wry"
-version = "0.12.2"
+version = "0.12.3"
 authors = [ "Tauri Programme within The Commons Conservancy" ]
 categories = [ "gui", "web-programming" ]
 license = "Apache-2.0 OR MIT"
@@ -14,11 +14,12 @@ readme = "README.md"
 
 [dependencies]
 wry = { version = "0.23", default-features = false, features = [ "file-drop", "protocol" ] }
-tauri-runtime = { version = "0.12.1", path = "../tauri-runtime" }
+tauri-runtime = { version = "0.12.2", path = "../tauri-runtime" }
 tauri-utils = { version = "1.2.1", path = "../tauri-utils" }
 uuid = { version = "1", features = [ "v4" ] }
 rand = "0.8"
 raw-window-handle = "0.5"
+url = "2"
 
 [target."cfg(windows)".dependencies]
 webview2-com = "0.19.1"

core/tauri-runtime-wry/src/lib.rs

@@ -37,6 +37,7 @@ use wry::application::platform::windows::{WindowBuilderExtWindows, WindowExtWind
 #[cfg(target_os = "macos")]
 use tauri_utils::TitleBarStyle;
 use tauri_utils::{config::WindowConfig, debug_eprintln, Theme};
+use url::Url;
 use uuid::Uuid;
 use wry::{
   application::{
@@ -211,6 +212,7 @@ impl<T: UserEvent> Context<T> {
 impl<T: UserEvent> Context<T> {
   fn create_webview(&self, pending: PendingWindow<T, Wry<T>>) -> Result<DetachedWindow<T, Wry<T>>> {
     let label = pending.label.clone();
+    let current_url = pending.current_url.clone();
     let menu_ids = pending.menu_ids.clone();
     let js_event_listeners = pending.js_event_listeners.clone();
     let context = self.clone();
@@ -232,6 +234,7 @@ impl<T: UserEvent> Context<T> {
     };
     Ok(DetachedWindow {
       label,
+      current_url,
       dispatcher,
       menu_ids,
       js_event_listeners,
@@ -1931,6 +1934,7 @@ impl<T: UserEvent> Runtime<T> for Wry<T> {
 
   fn create_window(&self, pending: PendingWindow<T, Self>) -> Result<DetachedWindow<T, Self>> {
     let label = pending.label.clone();
+    let current_url = pending.current_url.clone();
     let menu_ids = pending.menu_ids.clone();
     let js_event_listeners = pending.js_event_listeners.clone();
     let window_id = rand::random();
@@ -1957,6 +1961,7 @@ impl<T: UserEvent> Runtime<T> for Wry<T> {
 
     Ok(DetachedWindow {
       label,
+      current_url,
       dispatcher,
       menu_ids,
       js_event_listeners,
@@ -2944,7 +2949,7 @@ fn create_webview<T: UserEvent>(
     mut window_builder,
     ipc_handler,
     label,
-    url,
+    current_url,
     menu_ids,
     js_event_listeners,
     ..
@@ -2990,7 +2995,7 @@ fn create_webview<T: UserEvent>(
   }
   let mut webview_builder = WebViewBuilder::new(window)
     .map_err(|e| Error::CreateWebview(Box::new(e)))?
-    .with_url(&url)
+    .with_url(current_url.lock().unwrap().as_str())
     .unwrap() // safe to unwrap because we validate the URL beforehand
     .with_transparent(is_window_transparent)
     .with_accept_first_mouse(webview_attributes.accept_first_mouse);
@@ -3001,10 +3006,16 @@ fn create_webview<T: UserEvent>(
   if let Some(user_agent) = webview_attributes.user_agent {
     webview_builder = webview_builder.with_user_agent(&user_agent);
   }
+  if let Some(navigation_handler) = pending.navigation_handler {
+    webview_builder = webview_builder.with_navigation_handler(move |url| {
+      Url::parse(&url).map(&navigation_handler).unwrap_or(true)
+    });
+  }
   if let Some(handler) = ipc_handler {
     webview_builder = webview_builder.with_ipc_handler(create_ipc_handler(
       context,
       label.clone(),
+      current_url,
       menu_ids,
       js_event_listeners,
       handler,
@@ -3115,6 +3126,7 @@ fn create_webview<T: UserEvent>(
 fn create_ipc_handler<T: UserEvent>(
   context: Context<T>,
   label: String,
+  current_url: Arc<Mutex<Url>>,
   menu_ids: Arc<Mutex<HashMap<MenuHash, MenuId>>>,
   js_event_listeners: Arc<Mutex<HashMap<JsEventListenerKey, HashSet<u64>>>>,
   handler: WebviewIpcHandler<T, Wry<T>>,
@@ -3123,6 +3135,7 @@ fn create_ipc_handler<T: UserEvent>(
     let window_id = context.webview_id_map.get(&window.id()).unwrap();
     handler(
       DetachedWindow {
+        current_url: current_url.clone(),
         dispatcher: WryDispatcher {
           window_id,
           context: context.clone(),

core/tauri-runtime/CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## \[0.12.2]
+
+- Block remote URLs from accessing the IPC.
+  - [9c0593c33](https://www.github.com/tauri-apps/tauri/commit/9c0593c33af52cd9e00ec784d15f63efebdf039c) feat(core): block remote URLs from accessing the IPC on 2023-04-12
+
 ## \[0.12.1]
 
 - Fix `allowlist > app > show/hide` always disabled when `allowlist > app > all: false`.

core/tauri-runtime/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "tauri-runtime"
-version = "0.12.1"
+version = "0.12.2"
 authors = [ "Tauri Programme within The Commons Conservancy" ]
 categories = [ "gui", "web-programming" ]
 license = "Apache-2.0 OR MIT"
@@ -32,6 +32,7 @@ http = "0.2.4"
 http-range = "0.1.4"
 raw-window-handle = "0.5"
 rand = "0.8"
+url = "2"
 
 [target."cfg(windows)".dependencies]
 webview2-com = "0.19.1"

core/tauri-runtime/src/window.rs

@@ -12,6 +12,7 @@ use crate::{
 };
 use serde::{Deserialize, Deserializer, Serialize};
 use tauri_utils::{config::WindowConfig, Theme};
+use url::Url;
 
 use std::{
   collections::{HashMap, HashSet},
@@ -224,14 +225,17 @@ pub struct PendingWindow<T: UserEvent, R: Runtime<T>> {
   /// How to handle IPC calls on the webview window.
   pub ipc_handler: Option<WebviewIpcHandler<T, R>>,
 
-  /// The resolved URL to load on the webview.
-  pub url: String,
-
   /// Maps runtime id to a string menu id.
   pub menu_ids: Arc<Mutex<HashMap<MenuHash, MenuId>>>,
 
   /// A HashMap mapping JS event names with associated listener ids.
   pub js_event_listeners: Arc<Mutex<HashMap<JsEventListenerKey, HashSet<u64>>>>,
+
+  /// A handler to decide if incoming url is allowed to navigate.
+  pub navigation_handler: Option<Box<dyn Fn(Url) -> bool + Send>>,
+
+  /// The current webview URL.
+  pub current_url: Arc<Mutex<Url>>,
 }
 
 pub fn is_label_valid(label: &str) -> bool {
@@ -268,9 +272,10 @@ impl<T: UserEvent, R: Runtime<T>> PendingWindow<T, R> {
         uri_scheme_protocols: Default::default(),
         label,
         ipc_handler: None,
-        url: "tauri://localhost".to_string(),
         menu_ids: Arc::new(Mutex::new(menu_ids)),
         js_event_listeners: Default::default(),
+        navigation_handler: Default::default(),
+        current_url: Arc::new(Mutex::new("tauri://localhost".parse().unwrap())),
       })
     }
   }
@@ -297,9 +302,10 @@ impl<T: UserEvent, R: Runtime<T>> PendingWindow<T, R> {
         uri_scheme_protocols: Default::default(),
         label,
         ipc_handler: None,
-        url: "tauri://localhost".to_string(),
         menu_ids: Arc::new(Mutex::new(menu_ids)),
         js_event_listeners: Default::default(),
+        navigation_handler: Default::default(),
+        current_url: Arc::new(Mutex::new("tauri://localhost".parse().unwrap())),
       })
     }
   }
@@ -340,6 +346,9 @@ pub struct JsEventListenerKey {
 /// A webview window that is not yet managed by Tauri.
 #[derive(Debug)]
 pub struct DetachedWindow<T: UserEvent, R: Runtime<T>> {
+  /// The current webview URL.
+  pub current_url: Arc<Mutex<Url>>,
+
   /// Name of the window
   pub label: String,
 
@@ -356,6 +365,7 @@ pub struct DetachedWindow<T: UserEvent, R: Runtime<T>> {
 impl<T: UserEvent, R: Runtime<T>> Clone for DetachedWindow<T, R> {
   fn clone(&self) -> Self {
     Self {
+      current_url: self.current_url.clone(),
       label: self.label.clone(),
       dispatcher: self.dispatcher.clone(),
       menu_ids: self.menu_ids.clone(),

core/tauri/CHANGELOG.md

@@ -1,5 +1,20 @@
 # Changelog
 
+## \[1.2.5]
+
+- Block remote URLs from accessing the IPC.
+  - [9c0593c33](https://www.github.com/tauri-apps/tauri/commit/9c0593c33af52cd9e00ec784d15f63efebdf039c) feat(core): block remote URLs from accessing the IPC on 2023-04-12
+
+## \[1.2.4]
+
+- Pin `ignore` to `=0.4.18`.
+  - [adcb082b](https://www.github.com/tauri-apps/tauri/commit/adcb082b1651ecb2a6208b093e12f4185aa3fc98) chore(deps): pin `ignore` to =0.4.18 on 2023-01-17
+
+## \[1.2.3]
+
+- Fix the filesystem scope allowing sub-directories of the directory picked by the dialog when `recursive` option was `false`.
+  - [f1b0ad6e](https://www.github.com/tauri-apps/tauri/commit/f1b0ad6e8b721cf1420a9a4b9be5b05c39941d16) Merge pull request from GHSA-6mv3-wm7j-h4w5 on 2022-12-22
+
 ## \[1.2.2]
 
 - Invoke event listener in windows safely to avoid causing uncaught errors in windows that have loaded external urls

core/tauri/Cargo.toml

@@ -10,7 +10,7 @@ license = "Apache-2.0 OR MIT"
 name = "tauri"
 readme = "README.md"
 repository = "https://github.com/tauri-apps/tauri"
-version = "1.2.2"
+version = "1.2.5"
 
 [package.metadata.docs.rs]
 no-default-features = true
@@ -49,10 +49,10 @@ url = { version = "2.3" }
 anyhow = "1.0"
 thiserror = "1.0"
 once_cell = "1"
-tauri-runtime = { version = "0.12.1", path = "../tauri-runtime" }
+tauri-runtime = { version = "0.12.2", path = "../tauri-runtime" }
 tauri-macros = { version = "1.2.1", path = "../tauri-macros" }
 tauri-utils = { version = "1.2.1", features = [ "resources" ], path = "../tauri-utils" }
-tauri-runtime-wry = { version = "0.12.2", path = "../tauri-runtime-wry", optional = true }
+tauri-runtime-wry = { version = "0.12.3", path = "../tauri-runtime-wry", optional = true }
 rand = "0.8"
 semver = { version = "1.0", features = [ "serde" ] }
 serde_repr = "0.1"
@@ -60,7 +60,7 @@ state = "0.5"
 tar = "0.4.38"
 tempfile = "3"
 zip = { version = "0.6", default-features = false, optional = true }
-ignore = "0.4"
+ignore = "=0.4.18"
 flate2 = "1.0"
 http = "0.2"
 dirs-next = "2.0"

core/tauri/src/app.rs

@@ -1017,7 +1017,7 @@ impl<R: Runtime> Builder<R> {
       #[cfg(any(windows, target_os = "linux"))]
       runtime_any_thread: false,
       setup: Box::new(|_| Ok(())),
-      invoke_handler: Box::new(|_| ()),
+      invoke_handler: Box::new(|invoke| invoke.resolver.reject("not implemented")),
       invoke_responder: Arc::new(window_invoke_responder),
       invoke_initialization_script:
         "Object.defineProperty(window, '__TAURI_POST_MESSAGE__', { value: (message) => window.ipc.postMessage(JSON.stringify(message)) })".into(),

core/tauri/src/manager.rs

@@ -25,10 +25,9 @@ use tauri_utils::{
   html::{SCRIPT_NONCE_TOKEN, STYLE_NONCE_TOKEN},
 };
 
-use crate::hooks::IpcJavascript;
 #[cfg(feature = "isolation")]
 use crate::hooks::IsolationJavascript;
-use crate::pattern::{format_real_schema, PatternJavascript};
+use crate::pattern::PatternJavascript;
 use crate::{
   app::{AppHandle, GlobalWindowEvent, GlobalWindowEventListener},
   event::{assert_event_name_is_valid, Event, EventHandler, Listeners},
@@ -54,6 +53,7 @@ use crate::{
   app::{GlobalMenuEventListener, WindowMenuEvent},
   window::WebResourceRequestHandler,
 };
+use crate::{hooks::IpcJavascript, pattern::format_real_schema};
 
 #[cfg(any(target_os = "linux", target_os = "windows"))]
 use crate::api::path::{resolve_path, BaseDirectory};
@@ -139,7 +139,7 @@ fn set_csp<R: Runtime>(
     let default_src = csp
       .entry("default-src".into())
       .or_insert_with(Default::default);
-    default_src.push(format_real_schema(schema));
+    default_src.push(crate::pattern::format_real_schema(schema));
   }
 
   Csp::DirectiveMap(csp).to_string()
@@ -231,7 +231,7 @@ pub struct InnerWindowManager<R: Runtime> {
   /// The script that initializes the invoke system.
   invoke_initialization_script: String,
   /// Application pattern.
-  pattern: Pattern,
+  pub(crate) pattern: Pattern,
 }
 
 impl<R: Runtime> fmt::Debug for InnerWindowManager<R> {
@@ -367,9 +367,12 @@ impl<R: Runtime> WindowManager<R> {
   /// Get the base URL to use for webview requests.
   ///
   /// In dev mode, this will be based on the `devPath` configuration value.
-  fn get_url(&self) -> Cow<'_, Url> {
+  pub(crate) fn get_url(&self) -> Cow<'_, Url> {
     match self.base_path() {
       AppUrl::Url(WindowUrl::External(url)) => Cow::Borrowed(url),
+      #[cfg(windows)]
+      _ => Cow::Owned(Url::parse("https://tauri.localhost").unwrap()),
+      #[cfg(not(windows))]
       _ => Cow::Owned(Url::parse("tauri://localhost").unwrap()),
     }
   }
@@ -477,7 +480,7 @@ impl<R: Runtime> WindowManager<R> {
       });
     }
 
-    let window_url = Url::parse(&pending.url).unwrap();
+    let window_url = pending.current_url.lock().unwrap().clone();
     let window_origin =
       if cfg!(windows) && window_url.scheme() != "http" && window_url.scheme() != "https" {
         format!("https://{}.localhost", window_url.scheme())
@@ -1072,7 +1075,16 @@ mod test {
     );
 
     #[cfg(custom_protocol)]
-    assert_eq!(manager.get_url().to_string(), "tauri://localhost");
+    {
+      assert_eq!(
+        manager.get_url().to_string(),
+        if cfg!(windows) {
+          "https://tauri.localhost/"
+        } else {
+          "tauri://localhost"
+        }
+      );
+    }
 
     #[cfg(dev)]
     assert_eq!(manager.get_url().to_string(), "http://localhost:4000/");
@@ -1123,27 +1135,21 @@ impl<R: Runtime> WindowManager<R> {
       return Err(crate::Error::WindowLabelAlreadyExists(pending.label));
     }
     #[allow(unused_mut)] // mut url only for the data-url parsing
-    let (is_local, mut url) = match &pending.webview_attributes.url {
+    let mut url = match &pending.webview_attributes.url {
       WindowUrl::App(path) => {
         let url = self.get_url();
-        (
-          true,
-          // ignore "index.html" just to simplify the url
-          if path.to_str() != Some("index.html") {
-            url
-              .join(&path.to_string_lossy())
-              .map_err(crate::Error::InvalidUrl)
-              // this will never fail
-              .unwrap()
-          } else {
-            url.into_owned()
-          },
-        )
-      }
-      WindowUrl::External(url) => {
-        let config_url = self.get_url();
-        (config_url.make_relative(url).is_some(), url.clone())
+        // ignore "index.html" just to simplify the url
+        if path.to_str() != Some("index.html") {
+          url
+            .join(&*path.to_string_lossy())
+            .map_err(crate::Error::InvalidUrl)
+            // this will never fail
+            .unwrap()
+        } else {
+          url.into_owned()
+        }
       }
+      WindowUrl::External(url) => url.clone(),
       _ => unimplemented!(),
     };
 
@@ -1170,7 +1176,7 @@ impl<R: Runtime> WindowManager<R> {
       }
     }
 
-    pending.url = url.to_string();
+    *pending.current_url.lock().unwrap() = url;
 
     if !pending.window_builder.has_icon() {
       if let Some(default_window_icon) = self.inner.default_window_icon.clone() {
@@ -1186,17 +1192,15 @@ impl<R: Runtime> WindowManager<R> {
       }
     }
 
-    if is_local {
-      let label = pending.label.clone();
-      pending = self.prepare_pending_window(
-        pending,
-        &label,
-        window_labels,
-        app_handle.clone(),
-        web_resource_request_handler,
-      )?;
-      pending.ipc_handler = Some(self.prepare_ipc_handler(app_handle));
-    }
+    let label = pending.label.clone();
+    pending = self.prepare_pending_window(
+      pending,
+      &label,
+      window_labels,
+      app_handle.clone(),
+      web_resource_request_handler,
+    )?;
+    pending.ipc_handler = Some(self.prepare_ipc_handler(app_handle));
 
     // in `Windows`, we need to force a data_directory
     // but we do respect user-specification
@@ -1221,6 +1225,28 @@ impl<R: Runtime> WindowManager<R> {
       }
     }
 
+    #[cfg(feature = "isolation")]
+    let pattern = self.pattern().clone();
+    let current_url_ = pending.current_url.clone();
+    let navigation_handler = pending.navigation_handler.take();
+    pending.navigation_handler = Some(Box::new(move |url| {
+      // always allow navigation events for the isolation iframe and do not emit them for consumers
+      #[cfg(feature = "isolation")]
+      if let Pattern::Isolation { schema, .. } = &pattern {
+        if url.scheme() == schema
+          && url.domain() == Some(crate::pattern::ISOLATION_IFRAME_SRC_DOMAIN)
+        {
+          return true;
+        }
+      }
+      *current_url_.lock().unwrap() = url.clone();
+      if let Some(handler) = &navigation_handler {
+        handler(url)
+      } else {
+        true
+      }
+    }));
+
     Ok(pending)
   }
 

core/tauri/src/pattern.rs

@@ -11,8 +11,11 @@ use serialize_to_javascript::{default_template, Template};
 
 use tauri_utils::assets::{Assets, EmbeddedAssets};
 
+/// The domain of the isolation iframe source.
+pub const ISOLATION_IFRAME_SRC_DOMAIN: &str = "localhost";
+
 /// An application pattern.
-#[derive(Debug, Clone)]
+#[derive(Debug)]
 pub enum Pattern<A: Assets = EmbeddedAssets> {
   /// The brownfield pattern.
   Brownfield(PhantomData<A>),
@@ -35,6 +38,26 @@ pub enum Pattern<A: Assets = EmbeddedAssets> {
   },
 }
 
+impl<A: Assets> Clone for Pattern<A> {
+  fn clone(&self) -> Self {
+    match self {
+      Self::Brownfield(a) => Self::Brownfield(*a),
+      #[cfg(feature = "isolation")]
+      Self::Isolation {
+        assets,
+        schema,
+        key,
+        crypto_keys,
+      } => Self::Isolation {
+        assets: assets.clone(),
+        schema: schema.clone(),
+        key: key.clone(),
+        crypto_keys: crypto_keys.clone(),
+      },
+    }
+  }
+}
+
 /// The shape of the JavaScript Pattern config
 #[derive(Debug, Serialize)]
 #[serde(rename_all = "lowercase", tag = "pattern")]
@@ -87,8 +110,8 @@ pub(crate) struct PatternJavascript {
 #[allow(dead_code)]
 pub(crate) fn format_real_schema(schema: &str) -> String {
   if cfg!(windows) {
-    format!("https://{}.localhost", schema)
+    format!("https://{schema}.{ISOLATION_IFRAME_SRC_DOMAIN}")
   } else {
-    format!("{}://localhost", schema)
+    format!("{schema}://{ISOLATION_IFRAME_SRC_DOMAIN}")
   }
 }

core/tauri/src/scope/fs.rs

@@ -141,7 +141,7 @@ impl Scope {
   /// Extend the allowed patterns with the given directory.
   ///
   /// After this function has been called, the frontend will be able to use the Tauri API to read
-  /// the directory and all of its files and subdirectories.
+  /// the directory and all of its files. If `recursive` is `true`, subdirectories will be accessible too.
   pub fn allow_directory<P: AsRef<Path>>(&self, path: P, recursive: bool) -> crate::Result<()> {
     let path = path.as_ref();
     {
@@ -216,13 +216,22 @@ impl Scope {
 
     if let Ok(path) = path {
       let path: PathBuf = path.components().collect();
+      let options = glob::MatchOptions {
+        // this is needed so `/dir/*` doesn't match files within subdirectories such as `/dir/subdir/file.txt`
+        // see: https://github.com/tauri-apps/tauri/security/advisories/GHSA-6mv3-wm7j-h4w5
+        require_literal_separator: true,
+        // dotfiles are not supposed to be exposed by default
+        #[cfg(unix)]
+        require_literal_leading_dot: true,
+        ..Default::default()
+      };
 
       let forbidden = self
         .forbidden_patterns
         .lock()
         .unwrap()
         .iter()
-        .any(|p| p.matches_path(&path));
+        .any(|p| p.matches_path_with(&path, options));
 
       if forbidden {
         false
@@ -232,7 +241,7 @@ impl Scope {
           .lock()
           .unwrap()
           .iter()
-          .any(|p| p.matches_path(&path));
+          .any(|p| p.matches_path_with(&path, options));
         allowed
       }
     } else {
@@ -269,32 +278,97 @@ mod tests {
   #[test]
   fn path_is_escaped() {
     let scope = new_scope();
-    scope.allow_directory("/home/tauri/**", false).unwrap();
-    assert!(scope.is_allowed("/home/tauri/**"));
-    assert!(scope.is_allowed("/home/tauri/**/file"));
-    assert!(!scope.is_allowed("/home/tauri/anyfile"));
+    #[cfg(unix)]
+    {
+      scope.allow_directory("/home/tauri/**", false).unwrap();
+      assert!(scope.is_allowed("/home/tauri/**"));
+      assert!(scope.is_allowed("/home/tauri/**/file"));
+      assert!(!scope.is_allowed("/home/tauri/anyfile"));
+    }
+    #[cfg(windows)]
+    {
+      scope.allow_directory("C:\\home\\tauri\\**", false).unwrap();
+      assert!(scope.is_allowed("C:\\home\\tauri\\**"));
+      assert!(scope.is_allowed("C:\\home\\tauri\\**\\file"));
+      assert!(!scope.is_allowed("C:\\home\\tauri\\anyfile"));
+    }
 
     let scope = new_scope();
-    scope.allow_file("/home/tauri/**").unwrap();
-    assert!(scope.is_allowed("/home/tauri/**"));
-    assert!(!scope.is_allowed("/home/tauri/**/file"));
-    assert!(!scope.is_allowed("/home/tauri/anyfile"));
+    #[cfg(unix)]
+    {
+      scope.allow_file("/home/tauri/**").unwrap();
+      assert!(scope.is_allowed("/home/tauri/**"));
+      assert!(!scope.is_allowed("/home/tauri/**/file"));
+      assert!(!scope.is_allowed("/home/tauri/anyfile"));
+    }
+    #[cfg(windows)]
+    {
+      scope.allow_file("C:\\home\\tauri\\**").unwrap();
+      assert!(scope.is_allowed("C:\\home\\tauri\\**"));
+      assert!(!scope.is_allowed("C:\\home\\tauri\\**\\file"));
+      assert!(!scope.is_allowed("C:\\home\\tauri\\anyfile"));
+    }
 
     let scope = new_scope();
-    scope.allow_directory("/home/tauri", true).unwrap();
-    scope.forbid_directory("/home/tauri/**", false).unwrap();
-    assert!(!scope.is_allowed("/home/tauri/**"));
-    assert!(!scope.is_allowed("/home/tauri/**/file"));
-    assert!(!scope.is_allowed("/home/tauri/**/inner/file"));
-    assert!(scope.is_allowed("/home/tauri/inner/folder/anyfile"));
-    assert!(scope.is_allowed("/home/tauri/anyfile"));
+    #[cfg(unix)]
+    {
+      scope.allow_directory("/home/tauri", true).unwrap();
+      scope.forbid_directory("/home/tauri/**", false).unwrap();
+      assert!(!scope.is_allowed("/home/tauri/**"));
+      assert!(!scope.is_allowed("/home/tauri/**/file"));
+      assert!(scope.is_allowed("/home/tauri/**/inner/file"));
+      assert!(scope.is_allowed("/home/tauri/inner/folder/anyfile"));
+      assert!(scope.is_allowed("/home/tauri/anyfile"));
+    }
+    #[cfg(windows)]
+    {
+      scope.allow_directory("C:\\home\\tauri", true).unwrap();
+      scope
+        .forbid_directory("C:\\home\\tauri\\**", false)
+        .unwrap();
+      assert!(!scope.is_allowed("C:\\home\\tauri\\**"));
+      assert!(!scope.is_allowed("C:\\home\\tauri\\**\\file"));
+      assert!(scope.is_allowed("C:\\home\\tauri\\**\\inner\\file"));
+      assert!(scope.is_allowed("C:\\home\\tauri\\inner\\folder\\anyfile"));
+      assert!(scope.is_allowed("C:\\home\\tauri\\anyfile"));
+    }
 
     let scope = new_scope();
-    scope.allow_directory("/home/tauri", true).unwrap();
-    scope.forbid_file("/home/tauri/**").unwrap();
-    assert!(!scope.is_allowed("/home/tauri/**"));
-    assert!(scope.is_allowed("/home/tauri/**/file"));
-    assert!(scope.is_allowed("/home/tauri/**/inner/file"));
-    assert!(scope.is_allowed("/home/tauri/anyfile"));
+    #[cfg(unix)]
+    {
+      scope.allow_directory("/home/tauri", true).unwrap();
+      scope.forbid_file("/home/tauri/**").unwrap();
+      assert!(!scope.is_allowed("/home/tauri/**"));
+      assert!(scope.is_allowed("/home/tauri/**/file"));
+      assert!(scope.is_allowed("/home/tauri/**/inner/file"));
+      assert!(scope.is_allowed("/home/tauri/anyfile"));
+    }
+    #[cfg(windows)]
+    {
+      scope.allow_directory("C:\\home\\tauri", true).unwrap();
+      scope.forbid_file("C:\\home\\tauri\\**").unwrap();
+      assert!(!scope.is_allowed("C:\\home\\tauri\\**"));
+      assert!(scope.is_allowed("C:\\home\\tauri\\**\\file"));
+      assert!(scope.is_allowed("C:\\home\\tauri\\**\\inner\\file"));
+      assert!(scope.is_allowed("C:\\home\\tauri\\anyfile"));
+    }
+
+    let scope = new_scope();
+    #[cfg(unix)]
+    {
+      scope.allow_directory("/home/tauri", false).unwrap();
+      assert!(scope.is_allowed("/home/tauri/**"));
+      assert!(!scope.is_allowed("/home/tauri/**/file"));
+      assert!(!scope.is_allowed("/home/tauri/**/inner/file"));
+      assert!(scope.is_allowed("/home/tauri/anyfile"));
+    }
+    #[cfg(windows)]
+    {
+      scope.allow_directory("C:\\home\\tauri", false).unwrap();
+      assert!(scope.is_allowed("C:\\home\\tauri\\**"));
+      assert!(!scope.is_allowed("C:\\home\\tauri\\**\\file"));
+      assert!(!scope.is_allowed("C:\\home\\tauri\\**\\inner\\file"));
+      assert!(scope.is_allowed("C:\\home\\tauri\\anyfile"));
+    }
   }
 }

core/tauri/src/test/mock_runtime.rs

@@ -69,6 +69,7 @@ impl<T: UserEvent> RuntimeHandle<T> for MockRuntimeHandle {
   ) -> Result<DetachedWindow<T, Self::Runtime>> {
     Ok(DetachedWindow {
       label: pending.label,
+      current_url: Arc::new(Mutex::new("tauri://localhost".parse().unwrap())),
       dispatcher: MockDispatcher {
         context: self.context.clone(),
       },
@@ -665,6 +666,7 @@ impl<T: UserEvent> Runtime<T> for MockRuntime {
   fn create_window(&self, pending: PendingWindow<T, Self>) -> Result<DetachedWindow<T, Self>> {
     Ok(DetachedWindow {
       label: pending.label,
+      current_url: Arc::new(Mutex::new("tauri://localhost".parse().unwrap())),
       dispatcher: MockDispatcher {
         context: self.context.clone(),
       },

core/tauri/src/window.rs

@@ -35,6 +35,7 @@ use crate::{
 };
 
 use serde::Serialize;
+use url::Url;
 #[cfg(windows)]
 use windows::Win32::Foundation::HWND;
 
@@ -570,7 +571,7 @@ impl<'a, R: Runtime> WindowBuilder<'a, R> {
 #[derive(Debug)]
 pub struct Window<R: Runtime> {
   /// The webview window created by the runtime.
-  window: DetachedWindow<EventLoopMessage, R>,
+  pub(crate) window: DetachedWindow<EventLoopMessage, R>,
   /// The manager to associate this webview window with.
   manager: WindowManager<R>,
   pub(crate) app_handle: AppHandle<R>,
@@ -1256,9 +1257,27 @@ impl<R: Runtime> Window<R> {
 
 /// Webview APIs.
 impl<R: Runtime> Window<R> {
+  /// Returns the current url of the webview.
+  pub fn url(&self) -> Url {
+    self.window.current_url.lock().unwrap().clone()
+  }
+
   /// Handles this window receiving an [`InvokeMessage`].
   pub fn on_message(self, payload: InvokePayload) -> crate::Result<()> {
     let manager = self.manager.clone();
+    let current_url = self.url();
+    let config_url = manager.get_url();
+    #[allow(unused_mut)]
+    let mut is_local = config_url.make_relative(&current_url).is_some();
+    #[cfg(feature = "isolation")]
+    if let crate::Pattern::Isolation { schema, .. } = &self.manager.inner.pattern {
+      if current_url.scheme() == schema
+        && current_url.domain() == Some(crate::pattern::ISOLATION_IFRAME_SRC_DOMAIN)
+      {
+        is_local = true;
+      }
+    }
+
     match payload.cmd.as_str() {
       "__initialized" => {
         let payload: PageLoadPayload = serde_json::from_value(payload.inner)?;
@@ -1272,8 +1291,15 @@ impl<R: Runtime> Window<R> {
           payload.inner,
         );
         let resolver = InvokeResolver::new(self, payload.callback, payload.error);
-
         let invoke = Invoke { message, resolver };
+
+        if !is_local {
+          invoke
+            .resolver
+            .reject("Remote URLs are not allowed to access the IPC");
+          return Ok(());
+        }
+
         if let Some(module) = &payload.tauri_module {
           crate::endpoints::handle(
             module.to_string(),

examples/api/src-tauri/Cargo.lock

@@ -3128,7 +3128,7 @@ dependencies = [
 
 [[package]]
 name = "tauri"
-version = "1.2.0"
+version = "1.1.3"
 dependencies = [
  "anyhow",
  "attohttpc",
@@ -3190,7 +3190,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-build"
-version = "1.2.0"
+version = "1.1.1"
 dependencies = [
  "anyhow",
  "cargo_toml",
@@ -3206,7 +3206,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-codegen"
-version = "1.2.0"
+version = "1.1.1"
 dependencies = [
  "base64",
  "brotli",
@@ -3230,7 +3230,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-macros"
-version = "1.2.0"
+version = "1.1.1"
 dependencies = [
  "heck 0.4.0",
  "proc-macro2",
@@ -3242,7 +3242,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-runtime"
-version = "0.12.0"
+version = "0.11.1"
 dependencies = [
  "gtk",
  "http",
@@ -3253,14 +3253,15 @@ dependencies = [
  "serde_json",
  "tauri-utils",
  "thiserror",
- "uuid 1.2.1",
+ "url",
+ "uuid 1.1.2",
  "webview2-com",
  "windows 0.39.0",
 ]
 
 [[package]]
 name = "tauri-runtime-wry"
-version = "0.12.0"
+version = "0.11.1"
 dependencies = [
  "cocoa",
  "gtk",
@@ -3269,7 +3270,8 @@ dependencies = [
  "raw-window-handle",
  "tauri-runtime",
  "tauri-utils",
- "uuid 1.2.1",
+ "url",
+ "uuid 1.1.2",
  "webkit2gtk",
  "webview2-com",
  "windows 0.39.0",
@@ -3278,7 +3280,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-utils"
-version = "1.2.0"
+version = "1.1.1"
 dependencies = [
  "aes-gcm",
  "brotli",

tooling/cli/CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## \[1.2.3]
+
+- Pin `ignore` to `=0.4.18`.
+  - [adcb082b](https://www.github.com/tauri-apps/tauri/commit/adcb082b1651ecb2a6208b093e12f4185aa3fc98) chore(deps): pin `ignore` to =0.4.18 on 2023-01-17
+
 ## \[1.2.2]
 
 - Detect SvelteKit and Vite for the init and info commands.

tooling/cli/Cargo.lock

@@ -3121,7 +3121,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-cli"
-version = "1.2.2"
+version = "1.2.3"
 dependencies = [
  "anyhow",
  "axum",

tooling/cli/Cargo.toml

@@ -3,7 +3,7 @@ members = [ "node" ]
 
 [package]
 name = "tauri-cli"
-version = "1.2.2"
+version = "1.2.3"
 authors = [ "Tauri Programme within The Commons Conservancy" ]
 edition = "2021"
 rust-version = "1.59"
@@ -68,7 +68,7 @@ heck = "0.4"
 dialoguer = "0.10"
 url = { version = "2.3", features = [ "serde" ] }
 os_pipe = "1"
-ignore = "0.4"
+ignore = "=0.4.18"
 ctrlc = "3.2"
 log = { version = "0.4.17", features = [ "kv_unstable", "kv_unstable_std" ] }
 env_logger = "0.9.1"

tooling/cli/metadata.json

@@ -1,8 +1,8 @@
 {
   "cli.js": {
-    "version": "1.2.2",
+    "version": "1.2.3",
     "node": ">= 10.0.0"
   },
-  "tauri": "1.2.2",
+  "tauri": "1.2.5",
   "tauri-build": "1.2.1"
 }

tooling/cli/node/CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## \[1.2.3]
+
+- Pin `ignore` to `=0.4.18`.
+  - [adcb082b](https://www.github.com/tauri-apps/tauri/commit/adcb082b1651ecb2a6208b093e12f4185aa3fc98) chore(deps): pin `ignore` to =0.4.18 on 2023-01-17
+
 ## \[1.2.2]
 
 - Detect SvelteKit and Vite for the init and info commands.

tooling/cli/node/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tauri-apps/cli",
-  "version": "1.2.2",
+  "version": "1.2.3",
   "description": "Command line interface for building Tauri apps",
   "funding": {
     "type": "opencollective",
@@ -45,6 +45,9 @@
     "jest-transform-toml": "1.0.0",
     "prettier": "2.8.1"
   },
+  "resolutions": {
+    "json5": "2.2.3"
+  },
   "engines": {
     "node": ">= 10"
   },

tooling/cli/node/yarn.lock

@@ -1822,17 +1822,10 @@ json-parse-even-better-errors@^2.3.0:
   resolved "https://registry.yarnpkg.com/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz#7c47805a94319928e05777405dc12e1f7a4ee02d"
   integrity sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w==
 
-json5@^2.1.2:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.0.tgz#2dfefe720c6ba525d9ebd909950f0515316c89a3"
-  integrity sha512-f+8cldu7X/y7RAJurMEJmdoKXGB/X550w2Nr3tTbezL6RwEE/iMcm+tZnXeoZtKuOq6ft8+CqzEkrIgx1fPoQA==
-  dependencies:
-    minimist "^1.2.5"
-
-json5@^2.2.1:
-  version "2.2.1"
-  resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.1.tgz#655d50ed1e6f95ad1a3caababd2b0efda10b395c"
-  integrity sha512-1hqLFMSrGHRHxav9q9gNjJ5EXznIxGVO09xQRrwplcS8qs28pZ8s8hupZAmqDwZUmVZ2Qb2jnyPOWcDH8m8dlA==
+json5@2.2.3, json5@^2.1.2, json5@^2.2.1:
+  version "2.2.3"
+  resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.3.tgz#78cd6f1a19bdc12b73db5ad0c61efd66c1e29283"
+  integrity sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==
 
 jsonfile@^6.0.1:
   version "6.1.0"
@@ -1911,11 +1904,6 @@ minimatch@^3.0.4:
   dependencies:
     brace-expansion "^1.1.7"
 
-minimist@^1.2.5:
-  version "1.2.6"
-  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.6.tgz#8637a5b759ea0d6e98702cfb3a9283323c93af44"
-  integrity sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==
-
 ms@2.1.2:
   version "2.1.2"
   resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009"