Harden Windows notification delivery

Author: kujirahand

TkEasyGUI/dialogs.py

@@ -5,7 +5,6 @@
 import os
 import subprocess
 import sys
-import tempfile
 import tkinter
 from datetime import datetime, timedelta
 from re import Pattern
@@ -1362,25 +1361,33 @@ def to_base64(s: str) -> str:
 
     encoded_title = to_base64(title)
     encoded_message = to_base64(message)
-    app_id = sys.executable.replace("\\", "\\\\")
+    script_content = r"""
+$ErrorActionPreference = "Stop"
 
-    # PowerShell Script using Base64 (embedded and executed via -EncodedCommand)
-    script_content = rf"""
-$encodedTitle = "{encoded_title}"
-$encodedMessage = "{encoded_message}"
-$appPath = "{app_id}"
+$encodedTitle = [System.Environment]::GetEnvironmentVariable("TKEASYGUI_NOTIFY_TITLE_B64")
+$encodedMessage = [System.Environment]::GetEnvironmentVariable("TKEASYGUI_NOTIFY_MESSAGE_B64")
+$appId = [System.Environment]::GetEnvironmentVariable("TKEASYGUI_NOTIFY_APP_ID")
+
+if ([string]::IsNullOrEmpty($encodedTitle) -or [string]::IsNullOrEmpty($encodedMessage) -or [string]::IsNullOrEmpty($appId)) {
+    exit 1
+}
 
 $decodedTitle = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encodedTitle))
 $decodedMessage = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encodedMessage))
-$bodyText = "$decodedTitle`n$decodedMessage"
 
-$ToastText01 = [Windows.UI.Notifications.ToastTemplateType, Windows.UI.Notifications, ContentType = WindowsRuntime]::ToastText01
-$TemplateContent = [Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime]::GetTemplateContent($ToastText01)
-$TemplateContent.SelectSingleNode('//text[@id="1"]').InnerText = $bodyText
-[Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier($appPath).Show($TemplateContent)
+$toastType = [Windows.UI.Notifications.ToastTemplateType, Windows.UI.Notifications, ContentType = WindowsRuntime]::ToastText02
+$templateContent = [Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime]::GetTemplateContent($toastType)
+$textNodes = $templateContent.GetElementsByTagName("text")
+$textNodes.Item(0).AppendChild($templateContent.CreateTextNode($decodedTitle)) | Out-Null
+$textNodes.Item(1).AppendChild($templateContent.CreateTextNode($decodedMessage)) | Out-Null
+$toast = [Windows.UI.Notifications.ToastNotification, Windows.UI.Notifications, ContentType = WindowsRuntime]::new($templateContent)
+[Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier($appId).Show($toast)
 """.strip()
 
-    encoded_script = base64.b64encode(script_content.encode("utf-16le")).decode("ascii")
+    ps_env = os.environ.copy()
+    ps_env["TKEASYGUI_NOTIFY_TITLE_B64"] = encoded_title
+    ps_env["TKEASYGUI_NOTIFY_MESSAGE_B64"] = encoded_message
+    ps_env["TKEASYGUI_NOTIFY_APP_ID"] = sys.executable
 
     try:
         subprocess.run(
@@ -1391,9 +1398,13 @@ def to_base64(s: str) -> str:
                 "-NonInteractive",
                 "-ExecutionPolicy",
                 "Bypass",
-                "-EncodedCommand",
-                encoded_script,
+                "-Command",
+                "-",
             ],
+            input=script_content,
+            text=True,
+            encoding="utf-8",
+            env=ps_env,
             check=True,
         )
         return True