mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

chore: fix lint:js-in-markdown script (#38260)

Browse source
This commit is contained in:
David Sanders 2023-05-15 00:58:35 -07:00 committed by GitHub
parent 0149ae72e6
commit eeb1e7d499
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
26 changed files with 1078 additions and 586 deletions
Download patch file Download diff file Expand all files Collapse all files

16
docs/tutorial/security.md
View file

@ -742,19 +742,19 @@ You should be validating the `sender` of **all** IPC messages by default.
```js title='main.js (Main Process)'
// Bad
ipcMain.handle('get-secrets', () => {
return getSecrets();
});
return getSecrets()
})
// Good
ipcMain.handle('get-secrets', (e) => {
if (!validateSender(e.senderFrame)) return null;
return getSecrets();
});
if (!validateSender(e.senderFrame)) return null
return getSecrets()
})
function validateSender(frame) {
function validateSender (frame) {
// Value the host of the URL using an actual URL parser and an allowlist
if ((new URL(frame.url)).host === 'electronjs.org') return true;
return false;
if ((new URL(frame.url)).host === 'electronjs.org') return true
return false
}
```