docs: update Node global symbols example to use contextBridge (#28245)

* docs: update Node global symbols example to use contextBridge * Trigger Build * docs: change Node API example to show how to expose a crypto API Co-authored-by: Jeremy Rose <nornagon@nornagon.net> * docs: Fix lint warning for crypto code sample * docs: update node API example description to emphasize APIs instead of symbols Co-authored-by: Jeremy Rose <nornagon@nornagon.net>
2021-03-21 19:01:12 -07:00 · 2021-03-21 19:01:12 -07:00 · 8c3165434a
commit 8c3165434a
parent c8d18a0a1c
3 changed files with 21 additions and 15 deletions
--- a/docs/api/browser-window.md
+++ b/docs/api/browser-window.md
@ -267,7 +267,7 @@ It creates a new `BrowserWindow` with native properties as set by the `options`.
      be the absolute file path to the script.
      When node integration is turned off, the preload script can reintroduce
      Node global symbols back to the global scope. See example
-      [here](process.md#event-loaded).
+      [here](context-bridge.md#exposing-node-global-symbols).
    * `sandbox` Boolean (optional) - If set, this will sandbox the renderer
      associated with the window, making it compatible with the Chromium
      OS-level sandbox and disabling the Node.js engine. This is not the same as
--- a/docs/api/context-bridge.md
+++ b/docs/api/context-bridge.md
@ -33,7 +33,7 @@ page you load in your renderer executes code in this world.

 ### Isolated World

-When `contextIsolation` is enabled in your `webPreferences`, your `preload` scripts run in an
+When `contextIsolation` is enabled in your `webPreferences` (this is the default behavior since Electron 12.0.0), your `preload` scripts run in an
 "Isolated World".  You can read more about context isolation and what it affects in the
 [security](../tutorial/security.md#3-enable-context-isolation-for-remote-content) docs.

@ -110,3 +110,22 @@ has been included below for completeness:
 | `Symbol` | N/A | ❌ | ❌ | Symbols cannot be copied across contexts so they are dropped |

 If the type you care about is not in the above table, it is probably not supported.
+
+### Exposing Node Global Symbols
+
+The `contextBridge` can be used by the preload script to give your renderer access to Node APIs.
+The table of supported types described above also applies to Node APIs that you expose through `contextBridge`.
+Please note that many Node APIs grant access to local system resources.
+Be very cautious about which globals and APIs you expose to untrusted remote content.
+
+```javascript
+const { contextBridge } = require('electron')
+const crypto = require('crypto')
+contextBridge.exposeInMainWorld('nodeCrypto', {
+  sha256sum (data) {
+    const hash = crypto.createHash('sha256')
+    hash.update(data)
+    return hash.digest('hex')
+  }
+})
+```
--- a/docs/api/process.md
+++ b/docs/api/process.md
@ -45,19 +45,6 @@ In sandboxed renderers the `process` object contains only a subset of the APIs:
 Emitted when Electron has loaded its internal initialization script and is
 beginning to load the web page or the main script.

-It can be used by the preload script to add removed Node global symbols back to
-the global scope when node integration is turned off:
-
-```javascript
-// preload.js
-const _setImmediate = setImmediate
-const _clearImmediate = clearImmediate
-process.once('loaded', () => {
-  global.setImmediate = _setImmediate
-  global.clearImmediate = _clearImmediate
-})
-```
-
 ## Properties

 ### `process.defaultApp` _Readonly_