fix(electron): resolve CodeQL alerts #22 and #25 in electron.js by KristjanESPERANTO · Pull Request #4136 · MagicMirrorOrg/MagicMirror

KristjanESPERANTO · 2026-05-03T13:34:00Z

I reviewed the CodeQL alerts for js/electron.js:

Both point to real bugs.

#25: The window size fallback was written as a comma expression ((800, 600)), so it did not produce the expected object structure { width, height }. I am not surprised it went unnoticed because it sits in a fallback path.
#22: ...new Set(electronSwitchesDefaults, config.electronSwitches) silently ignored the second parameter. As a result, custom electronSwitches were never applied. I am wondering: this has been broken since PR Add custom switches for electron mainWindow #2643 introduced it, so I'm quite sure it could not have worked as intended in that form. Why didn't anyone (not even @eouia) notice that? 🤔

Changes

Fix for #25:
- Corrects the fallback from (800, 600) to a valid size object { width: 800, height: 600 }.
Fix for #22:
- Sets the default switch explicitly as a correct key-value pair:
  - app.commandLine.appendSwitch("autoplay-policy", "no-user-gesture-required")
- Applies custom config.electronSwitches individually afterward.

KristjanESPERANTO added 2 commits May 3, 2026 14:42

fix(electron): fix invalid default size fallback

a69e7c5

fix(electron): fix appendSwitch and electronSwitches handling

f1e3d9f

khassel approved these changes May 3, 2026

View reviewed changes

khassel merged commit d20306c into MagicMirrorOrg:develop May 3, 2026
12 checks passed

KristjanESPERANTO deleted the fix/electron-switch branch May 3, 2026 19:15