docs: explain ipcRenderer behavior in context-bridge.md (#43585)

* docs: explain ipcRenderer behavior in context-bridge.md

Co-authored-by: Kilian Valkhof <kilian@kilianvalkhof.com>

* Update context-bridge.md

Co-authored-by: Kilian Valkhof <kilian@kilianvalkhof.com>

* Update context-bridge.md

Co-authored-by: Kilian Valkhof <kilian@kilianvalkhof.com>

* Update docs/api/context-bridge.md

Co-authored-by: Erik Moura <erikian@erikian.dev>

Co-authored-by: Kilian Valkhof <kilian@kilianvalkhof.com>

* Update context-bridge.md

Co-authored-by: Kilian Valkhof <kilian@kilianvalkhof.com>

* Update context-bridge.md

Co-authored-by: Kilian Valkhof <kilian@kilianvalkhof.com>

* Update context-bridge.md

Co-authored-by: Kilian Valkhof <kilian@kilianvalkhof.com>

* Update docs/api/context-bridge.md

Co-authored-by: Erick Zhao <erick@hotmail.ca>

Co-authored-by: Kilian Valkhof <kilian@kilianvalkhof.com>

* Update docs/api/context-bridge.md

Co-authored-by: David Sanders <dsanders11@ucsbalum.com>

Co-authored-by: Kilian Valkhof <kilian@kilianvalkhof.com>

---------

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Kilian Valkhof <kilian@kilianvalkhof.com>
This commit is contained in:
trop[bot] 2024-09-05 17:05:19 -04:00 committed by GitHub
parent 722bc116f8
commit 98c7dfbdaf
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -138,6 +138,25 @@ has been included below for completeness:
If the type you care about is not in the above table, it is probably not supported.
### Exposing ipcRenderer
Attempting to send the entire `ipcRenderer` module as an object over the `contextBridge` will result in
an empty object on the receiving side of the bridge. Sending over `ipcRenderer` in full can let any
code send any message, which is a security footgun. To interact through `ipcRenderer`, provide a safe wrapper
like below:
```js
// Preload (Isolated World)
contextBridge.exposeInMainWorld('electron', {
onMyEventName: (callback) => ipcRenderer.on('MyEventName', (e, ...args) => callback(args))
})
```
```js @ts-nocheck
// Renderer (Main World)
window.electron.onMyEventName(data => { /* ... */ })
```
### Exposing Node Global Symbols
The `contextBridge` can be used by the preload script to give your renderer access to Node APIs.