docs: explain ipcRenderer behavior in context-bridge.md (#43455)

* docs: explain ipcRenderer behavior in context-bridge.md

* Update context-bridge.md

* Update context-bridge.md

* Update docs/api/context-bridge.md

Co-authored-by: Erik Moura <erikian@erikian.dev>

* Update context-bridge.md

* Update context-bridge.md

* Update context-bridge.md

* Update docs/api/context-bridge.md

Co-authored-by: Erick Zhao <erick@hotmail.ca>

* Update docs/api/context-bridge.md

Co-authored-by: David Sanders <dsanders11@ucsbalum.com>

---------

Co-authored-by: Erik Moura <erikian@erikian.dev>
Co-authored-by: Erick Zhao <erick@hotmail.ca>
Co-authored-by: David Sanders <dsanders11@ucsbalum.com>
This commit is contained in:
Kilian Valkhof 2024-09-05 22:48:22 +02:00 committed by GitHub
parent 69df09dc90
commit 32d5f9e3ef
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -147,6 +147,25 @@ has been included below for completeness:
If the type you care about is not in the above table, it is probably not supported. If the type you care about is not in the above table, it is probably not supported.
### Exposing ipcRenderer
Attempting to send the entire `ipcRenderer` module as an object over the `contextBridge` will result in
an empty object on the receiving side of the bridge. Sending over `ipcRenderer` in full can let any
code send any message, which is a security footgun. To interact through `ipcRenderer`, provide a safe wrapper
like below:
```js
// Preload (Isolated World)
contextBridge.exposeInMainWorld('electron', {
onMyEventName: (callback) => ipcRenderer.on('MyEventName', (e, ...args) => callback(args))
})
```
```js @ts-nocheck
// Renderer (Main World)
window.electron.onMyEventName(data => { /* ... */ })
```
### Exposing Node Global Symbols ### Exposing Node Global Symbols
The `contextBridge` can be used by the preload script to give your renderer access to Node APIs. The `contextBridge` can be used by the preload script to give your renderer access to Node APIs.