address changes from review

Shelley Vohr 2018-05-23 15:57:58 -07:00
parent 5f5322c64e
commit 322a303683
No known key found for this signature in database
GPG key ID: F13993A75599653C
2 changed files with 32 additions and 37 deletions


@ -137,7 +137,7 @@ let image = nativeImage.createFromPath('/Users/somebody/images/icon.png')
console.log(image) console.log(image)
``` ```
### `nativeImage.createFromBuffer(buffer, options)` ### `nativeImage.createFromBuffer(buffer[, options])`
* `buffer` [Buffer][buffer] * `buffer` [Buffer][buffer]
* `options` Object (optional) * `options` Object (optional)


@ -91,9 +91,9 @@ const getWebPreferences = function () {
} }
} }
const moreInformation = '\nFor more information and help, consult ' + const moreInformation = `\nFor more information and help, consult
'https://electronjs.org/docs/tutorial/security.\n' + https://electronjs.org/docs/tutorial/security.\n This warning will not show up
'This warning will not show up once the app is packaged.' once the app is packaged.`
module.exports = { module.exports = {
shouldLogSecurityWarnings, shouldLogSecurityWarnings,
@ -119,11 +119,10 @@ module.exports = {
return return
} }
let warning = 'This renderer process loads resources using insecure protocols. ' + const warning = `This renderer process loads resources using insecure
'This exposes users of this app to unnecessary security risks. ' + protocols.This exposes users of this app to unnecessary security risks.
'Consider loading the following resources over HTTPS or FTPS. \n' + Consider loading the following resources over HTTPS or FTPS. \n ${resources}
resources + '\n' + \n ${moreInformation}`
moreInformation
console.warn('%cElectron Security Warning (Insecure Resources)', console.warn('%cElectron Security Warning (Insecure Resources)',
'font-weight: bold;', warning) 'font-weight: bold;', warning)
@ -137,10 +136,9 @@ module.exports = {
*/ */
warnAboutNodeWithRemoteContent: () => { warnAboutNodeWithRemoteContent: () => {
if (getIsRemoteProtocol()) { if (getIsRemoteProtocol()) {
let warning = 'This renderer process has Node.js integration enabled ' + const warning = `This renderer process has Node.js integration enabled
'and attempted to load remote content. This exposes users of this app to severe ' + and attempted to load remote content. This exposes users of this app to
'security risks.\n' + severe security risks.\n ${moreInformation}`
moreInformation
console.warn('%cElectron Security Warning (Node.js Integration with Remote Content)', console.warn('%cElectron Security Warning (Node.js Integration with Remote Content)',
'font-weight: bold;', warning) 'font-weight: bold;', warning)
@ -162,9 +160,8 @@ module.exports = {
const webPreferences = getWebPreferences() const webPreferences = getWebPreferences()
if (!webPreferences || webPreferences.webSecurity !== false) return if (!webPreferences || webPreferences.webSecurity !== false) return
let warning = 'This renderer process has "webSecurity" disabled. ' + const warning = `This renderer process has "webSecurity" disabled. This
'This exposes users of this app to severe security risks.\n' + exposes users of this app to severe security risks.\n ${moreInformation}`
moreInformation
console.warn('%cElectron Security Warning (Disabled webSecurity)', console.warn('%cElectron Security Warning (Disabled webSecurity)',
'font-weight: bold;', warning) 'font-weight: bold;', warning)
@ -180,10 +177,9 @@ module.exports = {
*/ */
warnAboutInsecureCSP: () => { warnAboutInsecureCSP: () => {
if (isUnsafeEvalEnabled()) { if (isUnsafeEvalEnabled()) {
let warning = 'This renderer process has either no Content Security Policy set ' + const warning = `This renderer process has either no Content Security
'or a policy with "unsafe-eval" enabled. This exposes users of this ' + Policy set or a policy with "unsafe-eval" enabled. This exposes users of
'app to unnecessary security risks.\n' + this app to unnecessary security risks.\n ${moreInformation}`
moreInformation
console.warn('%cElectron Security Warning (Insecure Content-Security-Policy)', console.warn('%cElectron Security Warning (Insecure Content-Security-Policy)',
'font-weight: bold;', warning) 'font-weight: bold;', warning)
@ -199,9 +195,9 @@ module.exports = {
const webPreferences = getWebPreferences() const webPreferences = getWebPreferences()
if (!webPreferences || !webPreferences.allowRunningInsecureContent) return if (!webPreferences || !webPreferences.allowRunningInsecureContent) return
let warning = 'This renderer process has "allowRunningInsecureContent" ' + const warning = `This renderer process has "allowRunningInsecureContent"
'enabled. This exposes users of this app to severe security risks.\n' + enabled. This exposes users of this app to severe security risks.\n
moreInformation ${moreInformation}`
console.warn('%cElectron Security Warning (allowRunningInsecureContent)', console.warn('%cElectron Security Warning (allowRunningInsecureContent)',
'font-weight: bold;', warning) 'font-weight: bold;', warning)
@ -219,10 +215,9 @@ module.exports = {
return return
} }
let warning = 'This renderer process has "experimentalFeatures" ' + const warning = `This renderer process has "experimentalFeatures" enabled.
'enabled. This exposes users of this app to some security risk. ' + This exposes users of this app to some security risk. If you do not need
'If you do not need this feature, you should disable it.\n' + this feature, you should disable it.\n ${moreInformation}`
moreInformation
console.warn('%cElectron Security Warning (experimentalFeatures)', console.warn('%cElectron Security Warning (experimentalFeatures)',
'font-weight: bold;', warning) 'font-weight: bold;', warning)
@ -235,15 +230,15 @@ module.exports = {
*/ */
warnAboutEnableBlinkFeatures: () => { warnAboutEnableBlinkFeatures: () => {
const webPreferences = getWebPreferences() const webPreferences = getWebPreferences()
if (!webPreferences || !webPreferences.enableBlinkFeatures || if (webPreferences === null ||
(webPreferences.enableBlinkFeatures.length && webPreferences.enableBlinkFeatures.length === 0)) { !webPreferences.hasOwnProperty('enableBlinkFeatures') ||
webPreferences.enableBlinkFeatures.length === 0) {
return return
} }
let warning = 'This renderer process has additional "enableBlinkFeatures" ' + const warning = `This renderer process has additional "enableBlinkFeatures"
'enabled. This exposes users of this app to some security risk. ' + enabled. This exposes users of this app to some security risk. If you do not
'If you do not need this feature, you should disable it.\n' + need this feature, you should disable it.\n ${moreInformation}`
moreInformation
console.warn('%cElectron Security Warning (enableBlinkFeatures)', console.warn('%cElectron Security Warning (enableBlinkFeatures)',
'font-weight: bold;', warning) 'font-weight: bold;', warning)
@ -262,10 +257,10 @@ module.exports = {
return return
} }
let warning = 'A <webview> has "allowpopups" set to true. ' + const warning = `A <webview> has "allowpopups" set to true. This exposes
'This exposes users of this app to some security risk, since popups are just ' + users of this app to some security risk, since popups are just
'BrowserWindows. If you do not need this feature, you should disable it.\n' + BrowserWindows. If you do not need this feature, you should disable it.\n
moreInformation ${moreInformation}`
console.warn('%cElectron Security Warning (allowpopups)', console.warn('%cElectron Security Warning (allowpopups)',
'font-weight: bold;', warning) 'font-weight: bold;', warning)
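Review bot: The rewritten guard in `warnAboutEnableBlinkFeatures` rejects only `null`, so it can throw instead of returning quietly: if `getWebPreferences()` (its body is not visible here) ever yields `undefined`, the `hasOwnProperty` call raises a TypeError, and an `enableBlinkFeatures` key that is present but set to `undefined` or `null` makes the `.length` read throw as well. The sibling checks in this file use `!webPreferences`, and the same form works here: `if (!webPreferences || !webPreferences.enableBlinkFeatures || webPreferences.enableBlinkFeatures.length === 0) {`. Separately, the multi-line template literals now carry their source line breaks (and any leading indentation) into the console output, and the insecure-resources message reads `protocols.This` with no space after the period; joining the lines or trimming the whitespace would keep these security warnings readable. The function's closing lines fall outside the hunk.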