mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

docs: use correct headings in tutorial/security.md (#45397)

Browse source
This commit is contained in:
Anh Le 2025-02-06 11:16:24 +01:00 committed by GitHub
parent c0282eb9c8
commit 6adc737a89
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
docs/tutorial/security.md
View file

@ -810,7 +810,7 @@ potential error cases, and refer to
You should not directly expose Electron's APIs, especially IPC, to untrusted web content in your
preload scripts.
### Why?
#### Why?
Exposing raw APIs like `ipcRenderer.on` is dangerous because it gives renderer processes direct
access to the entire IPC event system, allowing them to listen for any IPC events, not just the ones
@ -823,7 +823,7 @@ events, passing the callback directly means the renderer gets access to this eve
In short, we want the untrusted web content to only have access to necessary information and APIs.
### How?
#### How?
```js title='preload'.js'
// Bad