docs: clarify default value of enableRemoteModule (#26170)

This commit is contained in:
Erick Zhao 2020-10-29 03:33:59 -07:00 committed by GitHub
parent ff71d1cef6
commit 935f6396d5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -702,7 +702,11 @@ succeeding.
```js
// Bad if the renderer can run untrusted content
const mainWindow = new BrowserWindow({})
const mainWindow = new BrowserWindow({
webPreferences: {
enableRemoteModule: true
}
})
```
```js
@ -716,12 +720,17 @@ const mainWindow = new BrowserWindow({
```html
<!-- Bad if the renderer can run untrusted content -->
<webview src="page.html"></webview>
<webview enableremotemodule="true" src="page.html"></webview>
<!-- Good -->
<webview enableremotemodule="false" src="page.html"></webview>
```
> **Note:** The default value of `enableRemoteModule` is `false` starting
> from Electron 10. For prior versions, you need to explicitly disable
> the `remote` module by the means above.
## 16) Filter the `remote` module
If you cannot disable the `remote` module, you should filter the globals,