no-electron-unrestricted-navigation

Disallow Electron navigation handlers that allow unrestricted navigation or window creation.

Targeted pattern scope

Electron navigation/open handlers that allow unrestricted navigation behavior.

What this rule reports

setWindowOpenHandler returning allow, or will-navigate handlers that do not block by default.

Why this rule exists

Unrestricted navigation can enable tabnabbing, phishing surfaces, and privilege-boundary bypasses.

❌ Incorrect

contents.setWindowOpenHandler(() => ({ action: "allow" }));

✅ Correct

contents.on("will-navigate", (event, url) => {
 event.preventDefault();
 if (url === "https://example.com") {
  /* reviewed allowlist path */
 }
});

ESLint flat config example

import sdl from "eslint-plugin-sdl-2";

export default [
 {
  plugins: { sdl },

  rules: {
   "sdl/no-electron-unrestricted-navigation": "error",
  },
 },
];

When not to use it

Disable only if navigation and window-opening are governed by a reviewed allowlist abstraction outside the immediate handler.

Package documentation

Rule source

Targeted pattern scope​

What this rule reports​

Why this rule exists​

❌ Incorrect​

✅ Correct​

ESLint flat config example​

When not to use it​

Package documentation​

Further reading​