From c64887c3f77e63c982f3b1be424416d98920490a Mon Sep 17 00:00:00 2001
From: Michael Ochmann <michael.ochmann@propeller.de>
Date: Fri, 30 Sep 2022 23:10:18 +0200
Subject: [PATCH] now only allowing images to be the taget of an img source

---
 src/Ation.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/Ation.js b/src/Ation.js
index d7946b4..18e85aa 100644
--- a/src/Ation.js
+++ b/src/Ation.js
@@ -1,6 +1,7 @@
 "use strict";
 const {app, protocol} = require("electron");
 const url             = require("url");
+const path            = require("path");
 
 const WindowManager = require("./WindowManager");
 
@@ -14,8 +15,11 @@ class Ation {
 
 		app.whenReady().then(async () => {
 			protocol.registerFileProtocol("slideimg", (request, callback) => {
-				const path = request.url.replace(/^slideimg:\/\//, "");
-				callback(path);
+				const uri       = request.url.replace(/^slideimg:\/\//, "");
+				const extension = path.extname(uri).replace(/^\./, "");
+
+				if (["png", "jpg", "jpeg", "svg", "bmp", "gif", "tiff"].includes(extension.toLowerCase()))
+					callback(uri);
 			});
 		});
 	}