I am opening the IE browser via my Electron application using Node child_process. Code below:
var cp = require('child_process');
var browser = cp.exec('start', 'iexplore', ['-private', args.url]);
This raises a command injection warning when I run Fortify analysis on this code. Also, args.url is fetched from an API resource (stored in the DB) and is not related to any user input on this client application.
Please help me escape this. I also tried spawn, but with no success.
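
Added example, not part of the original post: `start` is a cmd.exe built-in, so the call above goes through a shell. One way to remove the shell is to validate the URL and start iexplore.exe directly with `execFile` and an argument array. The install path, the host allowlist and the function names are assumptions made for illustration.

```javascript
// Added example, not the asker's code. IE_PATH, ALLOWED_HOSTS and the
// function names are assumptions made for illustration.
const { execFile } = require('child_process');

// Assumed default install location of Internet Explorer.
const IE_PATH = 'C:\\Program Files\\Internet Explorer\\iexplore.exe';

// Hypothetical allowlist of hosts the API is expected to hand back.
const ALLOWED_HOSTS = new Set(['intranet.example.com']);

// Validate the URL and return the executable plus its argument vector.
function buildIeLaunch(rawUrl) {
  if (typeof rawUrl !== 'string') {
    throw new TypeError('url must be a string');
  }
  let url;
  try {
    url = new URL(rawUrl); // throws on anything that is not an absolute URL
  } catch (err) {
    throw new Error('url is not an absolute URL');
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') {
    throw new Error('scheme not allowed: ' + url.protocol);
  }
  if (!ALLOWED_HOSTS.has(url.hostname)) {
    throw new Error('host not allowed: ' + url.hostname);
  }
  // url.href is the parser's normalized form (spaces and double quotes are
  // percent-encoded), and it always starts with the scheme, so it cannot
  // be read as a command-line switch.
  return { file: IE_PATH, args: ['-private', url.href] };
}

// Launch IE directly. execFile does not start cmd.exe, so the URL is passed
// as a single argument and shell metacharacters are not interpreted.
function openInIe(rawUrl) {
  const { file, args } = buildIeLaunch(rawUrl);
  return execFile(file, args, { shell: false }, (err) => {
    if (err) console.error('failed to start IE:', err.message);
  });
}
```

Static analyzers generally treat database-sourced values as tainted, so the validation step in `buildIeLaunch` is what gives the finding a documented sanitizer to point at.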