mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

chore: type check JS in docs (#38423)

Browse source 
* build(deps): update @electron/lint-roller

* chore: type check JS in docs

* docs: add @ts-check and @ts-expect-error to code blocks

* chore: fix type check errors in docs

* chore: add ts-type to blocks
This commit is contained in:
David Sanders 2023-06-05 15:26:26 +08:00 committed by GitHub
parent 4c89061e0e
commit 905aad9cb6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
49 changed files with 257 additions and 182 deletions
Download patch file Download diff file Expand all files Collapse all files

15
docs/tutorial/security.md
View file

@ -141,7 +141,7 @@ like `HTTP`. Similarly, we recommend the use of `WSS` over `WS`, `FTPS` over
#### How?
```js title='main.js (Main Process)'
```js title='main.js (Main Process)' @ts-type={browserWindow:Electron.BrowserWindow}
// Bad
browserWindow.loadURL('http://example.com')
@ -278,7 +278,7 @@ security-conscious developers might want to assume the very opposite.
```js title='main.js (Main Process)'
const { session } = require('electron')
const URL = require('url').URL
const { URL } = require('url')
session
.fromPartition('some-partition')
@ -608,7 +608,8 @@ sometimes be fooled - a `startsWith('https://example.com')` test would let
`https://example.com.attacker.com` through.
```js title='main.js (Main Process)'
const URL = require('url').URL
const { URL } = require('url')
const { app } = require('electron')
app.on('web-contents-created', (event, contents) => {
contents.on('will-navigate', (event, navigationUrl) => {
@ -647,8 +648,8 @@ receive, amongst other parameters, the `url` the window was requested to open
and the options used to create it. We recommend that you register a handler to
monitor the creation of windows, and deny any unexpected window creation.
```js title='main.js (Main Process)'
const { shell } = require('electron')
```js title='main.js (Main Process)' @ts-type={isSafeForExternalOpen:(url:string)=>boolean}
const { app, shell } = require('electron')
app.on('web-contents-created', (event, contents) => {
contents.setWindowOpenHandler(({ url }) => {
@ -683,7 +684,7 @@ leveraged to execute arbitrary commands.
#### How?
```js title='main.js (Main Process)'
```js title='main.js (Main Process)' @ts-type={USER_CONTROLLED_DATA_HERE:string}
// Bad
const { shell } = require('electron')
shell.openExternal(USER_CONTROLLED_DATA_HERE)
@ -739,7 +740,7 @@ You should be validating the `sender` of **all** IPC messages by default.
#### How?
```js title='main.js (Main Process)'
```js title='main.js (Main Process)' @ts-type={getSecrets:()=>unknown}
// Bad
ipcMain.handle('get-secrets', () => {
return getSecrets()