diff --git a/lib/renderer/init.js b/lib/renderer/init.js index d4f1c4da314d..50e02c50e22c 100644 --- a/lib/renderer/init.js +++ b/lib/renderer/init.js @@ -129,6 +129,15 @@ if (nodeIntegration === 'true') { } } + if (/(https?)|(ftp):/.test(window.location.protocol)) { + let warning = 'This renderer process has Node.js integration enabled ' + warning += 'and attempted to load remote content. This exposes users of this app to severe ' + warning += 'security risks.\n' + warning += 'For more information and help, consult https://electron.atom.io/docs/tutorial/security/' + + console.warn('%cElectron Security Warning', 'font-weight: bold;', warning) + } + // Redirect window.onerror to uncaughtException. window.onerror = function (message, filename, lineno, colno, error) { if (global.process.listeners('uncaughtException').length > 0) {