Anders Kaseorg
466fe816d5
docs: security.md: Fix navigation lockdown example code ( #14185 )
...
The `url` module is not a constructor; change `require('url')` to
`require('url').URL`. Also, check the entire origin rather than just
the hostname, since otherwise `http://my-own-server.com ` is allowed in
addition to `https://my-own-server.com `, in violation of point 1 (only
load secure content).
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-08-18 19:41:55 -07:00
GhostlyDark
9005803667
Fix typos ( #13999 )
2018-08-09 10:04:03 -05:00
Felix Rieseberg
a99cc969b5
📝 Update security docs: will-navigate, new-window ( #13884 )
2018-07-31 13:40:26 -05:00
Aleksei Kuzmin
3b2424b4c8
docs: update an estimate of how much we are behind Chromium
2018-07-25 16:35:17 +02:00
Shelley Vohr
6045d1218a
refactor: remove experimentalCanvasFeatures property ( #13684 )
2018-07-16 13:32:42 -07:00
Christian Schmidt
cdd2bab7d5
Fix links to webview.md
2018-06-21 16:39:07 +02:00
Zeke Sikelianos
0802f82356
doc: add CSP examples ( #13167 )
...
* doc: add CSP examples
* Deafult to zero-permissions CSP
2018-06-20 10:36:37 +10:00
Shelley Vohr
5f5322c64e
rename blinkFeatures to enableBlinkFeatures
2018-05-23 14:01:34 -07:00
Charles Kerr
4d078fdb03
Remove more words ( #12852 )
...
* remove 'basically' from docs
* remove 'simply' from docs
* remove most uses of 'just' from docs
2018-05-08 00:16:09 -05:00
David Chawei Hsu
091ddb3c34
Fixed several broken links to the sections ( #12797 )
2018-05-02 21:51:37 -05:00
Charles Kerr
c81dac774a
Fix some broken documentation links ( #12794 )
2018-05-02 10:33:07 -05:00
Jeremy Apthorp
22da843efa
s/now/not/ in allowRunningInsecureContent documentation ( #12452 )
2018-03-28 10:15:29 +11:00
Samuel Attard
35cc197d0b
Quick typo ( #12040 )
2018-02-25 09:11:18 -06:00
Vanessa Yuen
8e51659237
Merge pull request #11966 from electron/documentation-overhaul
...
Documentation Overhaul
2018-02-21 20:51:52 +01:00
Felix Rieseberg
037ee0cff3
📝 Fix the fix
2018-02-19 18:38:59 -06:00
Felix Rieseberg
64fc523977
📝 Fix dead links
2018-02-19 18:25:02 -06:00
Per Lundberg
8375d21cae
security.md: Update security recommendation checklist
2018-02-19 23:07:03 +02:00
John Eismeier
8d55334016
Propose fix some typos ( #11905 )
2018-02-13 00:18:27 -05:00
Felix Rieseberg
d586ef2f39
feature: Hot security tips ( #11810 )
...
* 🔧 Add security issue detection (and logs)
* 🔧 Check for it on load
* 👷 Add some tests
* 👷 Make the linter happy
* 🔧 Allow them to be enabled by force
* 📝 Make message slightly prettier
* 🔧 Fix a typo in the code comment
* 🔧 Classic mistake
* 🚀 Optimize things a bit more
* 👷 Add tests, fix tests
* 📝 Document things
* 🔧 Make linter happy
* 🔧 One more piece of cleanup
2018-02-03 07:50:12 -07:00
Felix Rieseberg
ce969c9326
📝 Fix some errors
2018-02-01 09:58:02 -08:00
Felix Rieseberg
93dc38a17b
👷 Put ESLint's mind at ease
2018-01-29 16:27:41 -08:00
Felix Rieseberg
d8d19baad3
❤️ Even more feedback
2018-01-29 16:02:39 -08:00
Felix Rieseberg
1e1729adad
❤️ More feedback
2018-01-29 16:01:05 -08:00
Felix Rieseberg
8f685e9329
👷 Linter errors
2018-01-29 12:36:51 -08:00
Felix Rieseberg
8804b09188
❤️ Implement @zeke’s feedback
2018-01-29 12:34:46 -08:00
Felix Rieseberg
536ff0b7e2
👷 Fix failed test
2018-01-29 11:29:15 -08:00
Felix Rieseberg
fb8606dd0c
📝 General cleanup
2018-01-29 11:19:43 -08:00
Felix Rieseberg
c4dc8dacbf
📝 Context Isolation
2018-01-29 11:19:21 -08:00
Felix Rieseberg
4cb22dd2ff
📝 allowpopups
2018-01-29 11:04:02 -08:00
Felix Rieseberg
cdb20d2692
🔧 WebSecurity
2018-01-29 11:03:51 -08:00
Felix Rieseberg
7e79ae750f
📝 Blink Features
2018-01-29 11:03:38 -08:00
Felix Rieseberg
39e0efd9a4
📝 Experimental Features
2018-01-29 11:03:27 -08:00
Felix Rieseberg
e73f142adc
📝 allowRunningInsecureContent
2018-01-29 11:03:06 -08:00
Felix Rieseberg
5418866e87
📝 eval()
2018-01-29 11:02:52 -08:00
Felix Rieseberg
c793ee3aeb
📝 Content Security Policy
2018-01-29 11:02:30 -08:00
Felix Rieseberg
a5c900ac7a
📝 Context Isolation
2018-01-29 11:01:22 -08:00
Felix Rieseberg
f790c24c27
📝 Verify WebView creation
2018-01-28 18:19:49 -08:00
Felix Rieseberg
d67c64b6fa
📝 Disable Node Integration
2018-01-28 17:25:05 -08:00
Felix Rieseberg
2db125890c
📝 Secure content
2018-01-28 16:55:11 -08:00
Tiago Danin
74769da9a7
[Docs] Fix URLs and Paths ( #11584 )
...
* Fix URLs and Paths in docs/
* Avoiding link break to /docs/development/updgrading-chrome.md
* Fix URLs and Paths in docs/ #2
* Removed double spaces in docs
2018-01-12 10:24:48 -05:00
Kevin Sawicki
27a4522d65
Add will-attach-webview advice to security.md
2017-05-17 13:56:19 -07:00
Kevin Sawicki
1933a4fc9f
Remove global Buffer mention now handled as require wrapper
2017-02-14 08:42:34 -08:00
Kevin Sawicki
5e78330c6d
Merge pull request #8540 from electron/SECURITY.md
...
Add SECURITY.md
2017-02-10 13:27:50 -08:00
Cheng Zhao
2e0780308c
allowDisplayingInsecureContent is removed by Chrome
2017-02-06 10:34:29 -08:00
Zeke Sikelianos
f0882a5058
use consistent headings
2017-01-30 10:57:53 -08:00
Zeke Sikelianos
1945771f37
Add SECURITY.md
2017-01-30 10:49:17 -08:00
Yuya Ochiai
11f2574fda
📝 Add to security checklist about permission requests
...
If the handler is not set, remote content can access to user's
information without allowing the permission. e.g. UserMedia
[ci skip]
2017-01-20 23:58:21 +09:00
Yuya Ochiai
a7a3aa848e
📝 Fix typo
...
[ci skip]
2017-01-20 23:45:48 +09:00
Kevin Sawicki
3ac6019f42
Mention context isolation
2017-01-16 12:38:16 -08:00
Amitoj
4ff73d8b56
📝 Small tweaks
...
[ci skip] Remove ambiguous default value of nodeintegration.
Issue #6939
2016-10-19 13:38:46 +05:30