Honour BROWSER env var and use rundll32 on Windows#56
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #45.
Two changes to
openBrowser, both in the same function so bundled together.$BROWSERsupport: if the environment variable is set, that executable is used directly with the URL as its only argument. Falls back to the existing platform default when unset. No support for:-separated lists or%ssubstitution — the Go toolchain's internal browser package doesn't bother with those either and the simple form covers the common case.Windows launcher: switched from
cmd /c start <url>torundll32 url.dll,FileProtocolHandler <url>. The old version was unsafe because cmd.exe re-parses its/cargument, so a URL containing&would be split into separate shell commands. The URL is built fromrepo.HTMLURLandrepo.DefaultBranchwhich come from the forge API, so a compromised self-hosted instance could exploit it. With rundll32 the URL stays a single argv element with no shell in the path.The argv-building is split out into a
browserCmd(goos, url)helper so it can be tested without launching anything.