docs: security.md mark 'Enable process sandboxing' as active by defau… (#48647)
* docs: security.md mark 'Enable process sandboxing' as active by default since electron 20 Co-authored-by: LeUser111 <florian.wiedenmann@grob.de> * Adjusted according to feedback Co-authored-by: LeUser111 <florian.wiedenmann@grob.de> * Updated according to feedback - adjusted sandbox.md Co-authored-by: LeUser111 <florian.wiedenmann@grob.de> * formatting Co-authored-by: LeUser111 <florian.wiedenmann@grob.de> * Fixed broken markup Co-authored-by: LeUser111 <florian.wiedenmann@grob.de> * Implemented docs linting suggestions Co-authored-by: LeUser111 <florian.wiedenmann@grob.de> * docs: docs/tutorial/sandbox.md - fixed typo Co-authored-by: Erick Zhao <erick@hotmail.ca> Co-authored-by: Teaveloper <49181620+LeUser111@users.noreply.github.com> * docs: web-preferences.md - sandbox: mention default value and relation to nodeIntegration Co-authored-by: LeUser111 <florian.wiedenmann@grob.de> --------- Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com> Co-authored-by: LeUser111 <florian.wiedenmann@grob.de> Co-authored-by: Teaveloper <49181620+LeUser111@users.noreply.github.com>
This commit is contained in:
trop[bot]
GitHub
parent
1056280b0a
commit
7319e5c18b
3 changed files with 30 additions and 3 deletions
|
|
@ -244,6 +244,10 @@ to enable this behavior.
|
|||
Even when `nodeIntegration: false` is used, to truly enforce strong isolation
|
||||
and prevent the use of Node primitives `contextIsolation` **must** also be used.
|
||||
|
||||
Beware that _disabling context isolation_ for a renderer process by setting
|
||||
`nodeIntegration: true` _also disables process sandboxing_ for that process.
|
||||
See section below.
|
||||
|
||||
:::info
|
||||
For more information on what `contextIsolation` is and how to enable it please
|
||||
see our dedicated [Context Isolation](context-isolation.md) document.
|
||||
|
|
@ -251,6 +255,16 @@ see our dedicated [Context Isolation](context-isolation.md) document.
|
|||
|
||||
### 4. Enable process sandboxing
|
||||
|
||||
:::info
|
||||
This recommendation is the default behavior in Electron since 20.0.0.
|
||||
|
||||
Additionally, process sandboxing can be enforced for all renderer processes
|
||||
application wide: [Enabling the sandbox globally](sandbox.md#enabling-the-sandbox-globally)
|
||||
|
||||
_Disabling context isolation_ (see above) _also disables process sandboxing_,
|
||||
regardless of the default, `sandbox: false` or globally enabled sandboxing!
|
||||
:::
|
||||
|
||||
[Sandboxing](https://chromium.googlesource.com/chromium/src/+/HEAD/docs/design/sandbox.md)
|
||||
is a Chromium feature that uses the operating system to
|
||||
significantly limit what renderer processes have access to. You should enable
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue