Commit graph

58 commits

Author SHA1 Message Date
Anders Kaseorg
466fe816d5 docs: security.md: Fix navigation lockdown example code (#14185)
The `url` module is not a constructor; change `require('url')` to
`require('url').URL`. Also, check the entire origin rather than just
the hostname, since otherwise `http://my-own-server.com` is allowed in
addition to `https://my-own-server.com`, in violation of point 1 (only
load secure content).

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-08-18 19:41:55 -07:00
GhostlyDark
9005803667 Fix typos (#13999) 2018-08-09 10:04:03 -05:00
Felix Rieseberg
a99cc969b5 📝 Update security docs: will-navigate, new-window (#13884) 2018-07-31 13:40:26 -05:00
Aleksei Kuzmin
3b2424b4c8 docs: update an estimate of how much we are behind Chromium 2018-07-25 16:35:17 +02:00
Shelley Vohr
6045d1218a
refactor: remove experimentalCanvasFeatures property (#13684) 2018-07-16 13:32:42 -07:00
Christian Schmidt
cdd2bab7d5
Fix links to webview.md 2018-06-21 16:39:07 +02:00
Zeke Sikelianos
0802f82356 doc: add CSP examples (#13167)
* doc: add CSP examples

* Deafult to zero-permissions CSP
2018-06-20 10:36:37 +10:00
Shelley Vohr
5f5322c64e
rename blinkFeatures to enableBlinkFeatures 2018-05-23 14:01:34 -07:00
Charles Kerr
4d078fdb03
Remove more words (#12852)
* remove 'basically' from docs

* remove 'simply' from docs

* remove most uses of 'just' from docs
2018-05-08 00:16:09 -05:00
David Chawei Hsu
091ddb3c34 Fixed several broken links to the sections (#12797) 2018-05-02 21:51:37 -05:00
Charles Kerr
c81dac774a
Fix some broken documentation links (#12794) 2018-05-02 10:33:07 -05:00
Jeremy Apthorp
22da843efa s/now/not/ in allowRunningInsecureContent documentation (#12452) 2018-03-28 10:15:29 +11:00
Samuel Attard
35cc197d0b Quick typo (#12040) 2018-02-25 09:11:18 -06:00
Vanessa Yuen
8e51659237
Merge pull request #11966 from electron/documentation-overhaul
Documentation Overhaul
2018-02-21 20:51:52 +01:00
Felix Rieseberg
037ee0cff3 📝 Fix the fix 2018-02-19 18:38:59 -06:00
Felix Rieseberg
64fc523977 📝 Fix dead links 2018-02-19 18:25:02 -06:00
Per Lundberg
8375d21cae
security.md: Update security recommendation checklist 2018-02-19 23:07:03 +02:00
John Eismeier
8d55334016 Propose fix some typos (#11905) 2018-02-13 00:18:27 -05:00
Felix Rieseberg
d586ef2f39 feature: Hot security tips (#11810)
* 🔧 Add security issue detection (and logs)

* 🔧 Check for it on load

* 👷 Add some tests

* 👷 Make the linter happy

* 🔧 Allow them to be enabled by force

* 📝 Make message slightly prettier

* 🔧 Fix a typo in the code comment

* 🔧 Classic mistake

* 🚀 Optimize things a bit more

* 👷 Add tests, fix tests

* 📝 Document things

* 🔧 Make linter happy

* 🔧 One more piece of cleanup
2018-02-03 07:50:12 -07:00
Felix Rieseberg
ce969c9326 📝 Fix some errors 2018-02-01 09:58:02 -08:00
Felix Rieseberg
93dc38a17b 👷 Put ESLint's mind at ease 2018-01-29 16:27:41 -08:00
Felix Rieseberg
d8d19baad3 ❤️ Even more feedback 2018-01-29 16:02:39 -08:00
Felix Rieseberg
1e1729adad ❤️ More feedback 2018-01-29 16:01:05 -08:00
Felix Rieseberg
8f685e9329 👷 Linter errors 2018-01-29 12:36:51 -08:00
Felix Rieseberg
8804b09188 ❤️ Implement @zeke’s feedback 2018-01-29 12:34:46 -08:00
Felix Rieseberg
536ff0b7e2 👷 Fix failed test 2018-01-29 11:29:15 -08:00
Felix Rieseberg
fb8606dd0c 📝 General cleanup 2018-01-29 11:19:43 -08:00
Felix Rieseberg
c4dc8dacbf 📝 Context Isolation 2018-01-29 11:19:21 -08:00
Felix Rieseberg
4cb22dd2ff 📝 allowpopups 2018-01-29 11:04:02 -08:00
Felix Rieseberg
cdb20d2692 🔧 WebSecurity 2018-01-29 11:03:51 -08:00
Felix Rieseberg
7e79ae750f 📝 Blink Features 2018-01-29 11:03:38 -08:00
Felix Rieseberg
39e0efd9a4 📝 Experimental Features 2018-01-29 11:03:27 -08:00
Felix Rieseberg
e73f142adc 📝 allowRunningInsecureContent 2018-01-29 11:03:06 -08:00
Felix Rieseberg
5418866e87 📝 eval() 2018-01-29 11:02:52 -08:00
Felix Rieseberg
c793ee3aeb 📝 Content Security Policy 2018-01-29 11:02:30 -08:00
Felix Rieseberg
a5c900ac7a 📝 Context Isolation 2018-01-29 11:01:22 -08:00
Felix Rieseberg
f790c24c27 📝 Verify WebView creation 2018-01-28 18:19:49 -08:00
Felix Rieseberg
d67c64b6fa 📝 Disable Node Integration 2018-01-28 17:25:05 -08:00
Felix Rieseberg
2db125890c 📝 Secure content 2018-01-28 16:55:11 -08:00
Tiago Danin
74769da9a7 [Docs] Fix URLs and Paths (#11584)
* Fix URLs and Paths in docs/

* Avoiding link break to /docs/development/updgrading-chrome.md

* Fix URLs and Paths in docs/ #2

* Removed double spaces in docs
2018-01-12 10:24:48 -05:00
Kevin Sawicki
27a4522d65 Add will-attach-webview advice to security.md 2017-05-17 13:56:19 -07:00
Kevin Sawicki
1933a4fc9f Remove global Buffer mention now handled as require wrapper 2017-02-14 08:42:34 -08:00
Kevin Sawicki
5e78330c6d Merge pull request #8540 from electron/SECURITY.md
Add SECURITY.md
2017-02-10 13:27:50 -08:00
Cheng Zhao
2e0780308c allowDisplayingInsecureContent is removed by Chrome 2017-02-06 10:34:29 -08:00
Zeke Sikelianos
f0882a5058 use consistent headings 2017-01-30 10:57:53 -08:00
Zeke Sikelianos
1945771f37 Add SECURITY.md 2017-01-30 10:49:17 -08:00
Yuya Ochiai
11f2574fda 📝 Add to security checklist about permission requests
If the handler is not set, remote content can access to user's
information without allowing the permission. e.g. UserMedia
[ci skip]
2017-01-20 23:58:21 +09:00
Yuya Ochiai
a7a3aa848e 📝 Fix typo
[ci skip]
2017-01-20 23:45:48 +09:00
Kevin Sawicki
3ac6019f42 Mention context isolation 2017-01-16 12:38:16 -08:00
Amitoj
4ff73d8b56 📝 Small tweaks
[ci skip] Remove ambiguous default value of nodeintegration.
Issue #6939
2016-10-19 13:38:46 +05:30