docs: explain ipcRenderer behavior in context-bridge.md (#43455)
* docs: explain ipcRenderer behavior in context-bridge.md * Update context-bridge.md * Update context-bridge.md * Update docs/api/context-bridge.md Co-authored-by: Erik Moura <erikian@erikian.dev> * Update context-bridge.md * Update context-bridge.md * Update context-bridge.md * Update docs/api/context-bridge.md Co-authored-by: Erick Zhao <erick@hotmail.ca> * Update docs/api/context-bridge.md Co-authored-by: David Sanders <dsanders11@ucsbalum.com> --------- Co-authored-by: Erik Moura <erikian@erikian.dev> Co-authored-by: Erick Zhao <erick@hotmail.ca> Co-authored-by: David Sanders <dsanders11@ucsbalum.com>
This commit is contained in:
parent
69df09dc90
commit
32d5f9e3ef
1 changed files with 19 additions and 0 deletions
|
@ -147,6 +147,25 @@ has been included below for completeness:
|
||||||
|
|
||||||
If the type you care about is not in the above table, it is probably not supported.
|
If the type you care about is not in the above table, it is probably not supported.
|
||||||
|
|
||||||
|
### Exposing ipcRenderer
|
||||||
|
|
||||||
|
Attempting to send the entire `ipcRenderer` module as an object over the `contextBridge` will result in
|
||||||
|
an empty object on the receiving side of the bridge. Sending over `ipcRenderer` in full can let any
|
||||||
|
code send any message, which is a security footgun. To interact through `ipcRenderer`, provide a safe wrapper
|
||||||
|
like below:
|
||||||
|
|
||||||
|
```js
|
||||||
|
// Preload (Isolated World)
|
||||||
|
contextBridge.exposeInMainWorld('electron', {
|
||||||
|
onMyEventName: (callback) => ipcRenderer.on('MyEventName', (e, ...args) => callback(args))
|
||||||
|
})
|
||||||
|
```
|
||||||
|
|
||||||
|
```js @ts-nocheck
|
||||||
|
// Renderer (Main World)
|
||||||
|
window.electron.onMyEventName(data => { /* ... */ })
|
||||||
|
```
|
||||||
|
|
||||||
### Exposing Node Global Symbols
|
### Exposing Node Global Symbols
|
||||||
|
|
||||||
The `contextBridge` can be used by the preload script to give your renderer access to Node APIs.
|
The `contextBridge` can be used by the preload script to give your renderer access to Node APIs.
|
||||||
|
|
Loading…
Reference in a new issue