mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

📝 Fix the fix

Browse source
This commit is contained in:
Felix Rieseberg 2018-02-19 18:38:59 -06:00
parent 64fc523977
commit 037ee0cff3
2 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

6
docs/tutorial/security.md
View file

@ -521,7 +521,7 @@ A WebView created in a renderer process that does not have Node.js integration
enabled will not be able to enable integration itself. However, a WebView will
always create an independent renderer process with its own `webPreferences`.
It is a good idea to control the creation of new [`WebViews`](web-view) from
It is a good idea to control the creation of new [`WebViews`][web-view] from
the main process and to verify that their webPreferences do not disable
security features.
@ -533,11 +533,11 @@ website even if Node.js integration is otherwise disabled.
Electron enables developers to disable various security features that control
a renderer process. In most cases, developers do not need to disable any of
those features - and you should therefore not allow different configurations
for newly created [`<WebView>`](web-view) tags.
for newly created [`<WebView>`][web-view] tags.
### How?
Before a [`<WebView>`](web-view) tag is attached, Electron will fire the
Before a [`<WebView>`][web-view] tag is attached, Electron will fire the
`will-attach-webview` event on the hosting `webContents`. Use the event to
prevent the creation of WebViews with possibly insecure options.