mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

refactor: ensure IpcRenderer is not bridgable (#40330)

Browse source 
* refactor: ensure IpcRenderer is not bridgable

* chore: add notes to breaking-changes

* spec: fix test that bridged ipcrenderer
This commit is contained in:
Samuel Attard 2023-10-31 14:29:40 -07:00 committed by GitHub
parent 39d36e4462
commit 83892ab995
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 59 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

13
docs/breaking-changes.md
View file

@ -14,6 +14,19 @@ This document uses the following convention to categorize breaking changes:
## Planned Breaking API Changes (29.0)
### Behavior Changed: `ipcRenderer` can no longer be sent over the `contextBridge`
Attempting to send `ipcRenderer` as an object over the `contextBridge` will now result in
an empty object on the receiving side of the bridge. This change was made to remove / mitigate
a security footgun, you should not directly expose ipcRenderer or it's methods over the bridge.
Instead provide a safe wrapper like below:
```js
contextBridge.exposeInMainWorld('app', {
onEvent: (cb) => ipcRenderer.on('foo', (e, ...args) => cb(args))
})
```
### Removed: `renderer-process-crashed` event on `app`
The `renderer-process-crashed` event on `app` has been removed.