This repository has been archived by the owner on Dec 21, 2024. It is now read-only.

__electronHot__ injection causes SyntaxError if absolute path contains ' #14

Open
Martin-Pitt opened this issue Jun 1, 2017 · 1 comment

Comments

@Martin-Pitt

Was getting blank windows when I noticed via DevTools I was getting a SyntaxError: missing ) after argument list. This is because my project folder has a ' in the absolute path.

In fact, this seems like a possible XSS attack vector if the folders are named specifically. (E.g. escaping string quoting via the path)

Please escape the absolute path when injecting var __electronHot__ = require(…); with the path.

@geowarin
Owner

geowarin commented Jun 1, 2017

Hello @Martin-Pitt.
Thanks for the feedback!

You should not enable electron-hot in production, so I don't really think there is an XSS risk here.

That being said, I would love to fix this problem.
Would you be able to send a PR?
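
The quoting failure reported above, next to the escaping the report asks for, as an added example (not electron-hot's code and not written by either commenter). The single-quoted shape of the injected statement, the function names and the sample paths are assumptions; the second path goes beyond the reported case to show a Windows path that compiles but reaches `require` altered.

```javascript
// Added example. buildInjectionNaive, buildInjectionEscaped and check are
// hypothetical names; the real injection code is not shown in this issue.

// Naive form: the path is pasted between single quotes (assumed shape,
// consistent with the SyntaxError described in the report).
function buildInjectionNaive(absPath) {
  return "var __electronHot__ = require('" + absPath + "');";
}

// Escaped form: JSON.stringify emits a valid JavaScript string literal,
// escaping quotes, backslashes and control characters in the path.
function buildInjectionEscaped(absPath) {
  return 'var __electronHot__ = require(' + JSON.stringify(absPath) + ');';
}

// Compile the generated statement, then run it with a stub require() to
// record which string the statement actually passes to require().
function check(source) {
  let fn;
  try {
    fn = new Function('require', source); // compile step only
  } catch (err) {
    return { ok: false, error: err.name, seen: null };
  }
  let seen = null;
  fn((p) => { seen = p; return {}; });
  return { ok: true, error: null, seen };
}

// Constructed sample paths: an apostrophe in a folder name, and a Windows
// path whose "\n" in "\new-app" is read as a newline escape when unescaped.
const samples = [
  "/home/dev/bob's app/hot.js",
  'C:\\Users\\dev\\new-app\\hot.js',
];

for (const p of samples) {
  const naive = check(buildInjectionNaive(p));
  const escaped = check(buildInjectionEscaped(p));
  console.log(JSON.stringify({
    path: p,
    naiveCompiles: naive.ok,
    naivePathIntact: naive.seen === p,
    escapedPathIntact: escaped.seen === p,
  }));
}
```
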
