mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

docs: clarify default value of enableRemoteModule (#26170)

Browse source
This commit is contained in:
Erick Zhao 2020-10-29 03:33:59 -07:00 committed by GitHub
parent ff71d1cef6
commit 935f6396d5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
docs/tutorial/security.md
View file

@ -702,7 +702,11 @@ succeeding.
```js
// Bad if the renderer can run untrusted content
const mainWindow = new BrowserWindow({})
const mainWindow = new BrowserWindow({
webPreferences: {
enableRemoteModule: true
}
})
```
```js
@ -716,12 +720,17 @@ const mainWindow = new BrowserWindow({
```html
<!-- Bad if the renderer can run untrusted content -->
<webview src="page.html"></webview>
<webview enableremotemodule="true" src="page.html"></webview>
<!-- Good -->
<webview enableremotemodule="false" src="page.html"></webview>
```
> **Note:** The default value of `enableRemoteModule` is `false` starting
> from Electron 10. For prior versions, you need to explicitly disable
> the `remote` module by the means above.
## 16) Filter the `remote` module
If you cannot disable the `remote` module, you should filter the globals,