* docs: add clipboard paste Fiddle example
* docs: add clipboard copy Fiddle example
* docs: add appropriate title to Fiddles
Co-Authored-By: John Kleinschmidt <jkleinsc@github.com>
* refactor: use v8 serialization for ipc
* cloning process.env doesn't work
* serialize host objects by enumerating key/values
* new serialization can handle NaN, Infinity, and undefined correctly
* can't allocate v8 objects during GC
* backport microtasks fix
* fix compile
* fix node_stream_loader reentrancy
* update subframe spec to expect undefined instead of null
* write undefined instead of crashing when serializing host objects
* fix webview spec
* fix download spec
* buffers are transformed into uint8arrays
* can't serialize promises
* fix chrome.i18n.getMessage
* fix devtools tests
* fix zoom test
* fix debug build
* fix lint
* update ipcRenderer tests
* fix printToPDF test
* update patch
* remove accidentally re-added remote-side spec
* wip
* don't attempt to serialize host objects
* jump through different hoops to set options.webContents sometimes
* whoops
* fix lint
* clean up error-handling logic
* fix memory leak
* fix lint
* convert host objects using old base::Value serialization
* fix lint more
* fall back to base::Value-based serialization
* remove commented-out code
* add docs to breaking-changes.md
* Update breaking-changes.md
* update ipcRenderer and WebContents docs
* lint
* use named values for format tag
* save a memcpy for ~30% speedup
* get rid of calls to ShallowClone
* extra debugging for paranoia
* d'oh, use the correct named tags
* apparently msstl doesn't like this DCHECK
* funny story about that DCHECK
* disable remote-related functions when enable_remote_module = false
* nits
* use EnableIf to disable remote methods in mojom
* fix include
* review comments
Versions didn't show and I was getting errors in the Developer Tools: `Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'"`. The cause is probably that Chrome has implemented extra security since this tutorial was created. Added 'unsafe-inline' and it works.
Exposing these in the renderer didn't make sense as they weren't backed
by the same instance / value store. This API should be browser only
especially now that we have nativeTheme.themeSource. Exposing in
//common was a mistake from the beginning.
* docs: Add recent Electron version to security checklist
* Update docs/tutorial/security.md
Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
* Update docs/tutorial/security.md
Co-Authored-By: Pedro Pontes <pepontes@microsoft.com>
* Update docs/tutorial/security.md
Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
* feat: add nativeTheme.shouldUseDarkColorsOverride to allow apps to override Chromiums theme choice
* spec: add tests for shouldUseDarkColorsOverride
* chore: add missing forward declarations
* refactor: rename overrideShouldUseDarkColors to themeSource
* chore: only run appLevelAppearance specs on Mojave and up
* chore: update patch with more info and no define
* Update spec-main/api-native-theme-spec.ts
Co-Authored-By: Jeremy Apthorp <jeremya@chromium.org>
* Update api-native-theme-spec.ts
* Update api-native-theme-spec.ts
* Update api-native-theme-spec.ts
* test: tsify more WebContents specs
* getFocusedWebContents
* setDevToolsWebContents, isFocused, isCurrentlyAudible
* getWebPreferences, openDevTools
* before-input-event
* zoom-changed
* sendInputEvent
* insertCSS
* startDrag
* focus, getOSProcessId
* zoom api
* more closeAllWindows
* fix detached dev tools test
* fix zoom-changed test
* compare the correct kind of id 🤦♂️
* 'fix' openDevTools test to wait for multiple focus events
* fix tests? 🤞
* use request instead of blur to detect openExternal success
* try not timing out the keychain for testing
* use blur event on mac, sigh
* oh, right, still gotta open an actual url
I've asked #19775 because I was frustrated with how hard it was to find a way to fix (instead of hide) the CSP warning in Electron and I complained that even the official quick start guide wasn't compliant with the security checklist at https://electronjs.org/docs/tutorial/security. Someone helped me out with a CSP meta tag which I have later noticed is indeed mentioned in the checklist, too: https://electronjs.org/docs/tutorial/security#csp-meta-tag. I have not used the checklist one verbatim because it prevents a `script` tag from working when serving `index.html` through the `file:` protocol as the quick start does. I instead used the one the person in my issue recommended which seems to work well to me. I am not that well versed in CSP so there might be a better policy to include with the quick start, but this is what I've got for now.
Sometimes it's necessary to convey more information about the window to screen reader users only (simply putting everything to the window title might be unnecessarily noisy).
For example, Chromium uses that technique to tell screen reader users that the window is in incognito mode (the incognito window looks differently and doesn't have «incognito» in the title, but for blind users the screen reader will announce that it's incognito).
In the `dialog` documentation (and the generated typings in `electron.d.ts`), it is mentionned that the `icon` property only supports `NativeImage`, but the `nativeImage` documentation says that:
```
In Electron, for the APIs that take images, you can pass either file paths or NativeImage
```