docs: update sandbox renderer defaults for Electron 20 (#35379)
* docs: update E20 sandbox rendering defaults * docs: update tutorial * simplify paragraph * dont mention context isolation
This commit is contained in:
parent
4fb4167b8b
commit
34cb360730
2 changed files with 58 additions and 36 deletions
|
@ -38,7 +38,25 @@ called a **preload**.
|
|||
## Augmenting the renderer with a preload script
|
||||
|
||||
A BrowserWindow's preload script runs in a context that has access to both the HTML DOM
|
||||
and a Node.js environment. Preload scripts are injected before a web page loads in the renderer,
|
||||
and a limited subset of Node.js and Electron APIs.
|
||||
|
||||
:::info Preload script sandboxing
|
||||
|
||||
From Electron 20 onwards, preload scripts are **sandboxed** by default and no longer have access
|
||||
to a full Node.js environment. Practically, this means that you have a polyfilled `require`
|
||||
function that only has access to a limited set of APIs.
|
||||
|
||||
| Available API | Details |
|
||||
| ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| Electron modules | Renderer process modules |
|
||||
| Node.js modules | [`events`](https://nodejs.org/api/events.html), [`timers`](https://nodejs.org/api/timers.html), [`url`](https://nodejs.org/api/url.html) |
|
||||
| Polyfilled globals | [`Buffer`](https://nodejs.org/api/buffer.html), [`process`](../api/process.md), [`clearImmediate`](https://nodejs.org/api/timers.html#timers_clearimmediate_immediate), [`setImmediate`](https://nodejs.org/api/timers.html#timers_setimmediate_callback_args) |
|
||||
|
||||
For more information, check out the [Process Sandboxing](./sandbox.md) guide.
|
||||
|
||||
:::
|
||||
|
||||
Preload scripts are injected before a web page loads in the renderer,
|
||||
similar to a Chrome extension's [content scripts][content-script]. To add features to your renderer
|
||||
that require privileged access, you can define [global] objects through the
|
||||
[contextBridge][contextbridge] API.
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue