mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

docs: use correct headings in tutorial/security.md (#45397)

Browse source
This commit is contained in:
Anh Le 2025-02-06 11:16:24 +01:00 committed by GitHub
parent c0282eb9c8
commit 6adc737a89
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
docs/tutorial/security.md
View file

@ -810,7 +810,7 @@ potential error cases, and refer to
You should not directly expose Electron's APIs, especially IPC, to untrusted web content in your You should not directly expose Electron's APIs, especially IPC, to untrusted web content in your
preload scripts. preload scripts.
### Why? #### Why?
Exposing raw APIs like `ipcRenderer.on` is dangerous because it gives renderer processes direct Exposing raw APIs like `ipcRenderer.on` is dangerous because it gives renderer processes direct
access to the entire IPC event system, allowing them to listen for any IPC events, not just the ones access to the entire IPC event system, allowing them to listen for any IPC events, not just the ones
@ -823,7 +823,7 @@ events, passing the callback directly means the renderer gets access to this eve
In short, we want the untrusted web content to only have access to necessary information and APIs. In short, we want the untrusted web content to only have access to necessary information and APIs.
### How? #### How?
```js title='preload'.js' ```js title='preload'.js'
// Bad // Bad