mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

docs: reference security guide in ipcRenderer.on docs (#45325)

Browse source
This commit is contained in:
Niklas Wenzel 2025-01-29 12:50:20 +01:00 committed by GitHub
parent 50387043d1
commit 8cf2e46c1f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 10 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

10
docs/api/ipc-renderer.md
View file

@ -41,6 +41,16 @@ The `ipcRenderer` module has the following method to listen for events and send
Listens to `channel`, when a new message arrives `listener` would be called with Listens to `channel`, when a new message arrives `listener` would be called with
`listener(event, args...)`. `listener(event, args...)`.
:::warning
Do not expose the `event` argument to the renderer for security reasons! Wrap any
callback that you receive from the renderer in another function like this:
`ipcRenderer.on('my-channel', (event, ...args) => callback(...args))`.
Not wrapping the callback in such a function would expose dangerous Electron APIs
to the renderer process. See the
[security guide](../tutorial/security.md#20-do-not-expose-electron-apis-to-untrusted-web-content)
for more info.
:::
### `ipcRenderer.off(channel, listener)` ### `ipcRenderer.off(channel, listener)`
* `channel` string * `channel` string