* build(deps): update @electron/lint-roller
* chore: type check JS in docs
* docs: add @ts-check and @ts-expect-error to code blocks
* chore: fix type check errors in docs
* chore: add ts-type to blocks
Update security.md
Under "4. Process Sandboxing", it said "For mor information on what `contextIsolation` is..." which was the previous section (copied from there). This updates it to say "For more information on what Process Sandboxing is..."
Rule 13 recommends using Node's URL parser for handling url inputs. At
the moment, this is not being followed in the code example for rule 5,
which falls back on checking that the url ends with a '/'. If this was
forgotten when a user copies this code it could introduce security
vulnerabilities if an attacker uses an URL in the following way:
"https://example.com.attacker.com"
Using Node's URL parser fixes this potential missuse and enables the
'/' to be omited from the code example.
Co-authored-by: Baitinq <you@example.com>
* docs: Update CI Badge Branch Name
The CI badges were still pointing at builds for the master branch, which
are stale since the rename to main.
* docs: Update electron/electron Branch Name
Update electron/electron branch name from master to main.
* docs: Update electron/governance Branch Name
Update electron/governance branch name from master to main.
* docs: Update to the use of arrow functions in line with the style guide
* docs: Fixed unmatched bracket typo in previous commit 9ebe3e58f7948c6636d77f3c58a2693683b69691
* fix linting
Co-authored-by: Cheng Zhao <zcbenz@gmail.com>
* docs: Add recent Electron version to security checklist
* Update docs/tutorial/security.md
Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
* Update docs/tutorial/security.md
Co-Authored-By: Pedro Pontes <pepontes@microsoft.com>
* Update docs/tutorial/security.md
Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
* docs: chrome-command-line-switches.md: update proxy-server support
Per issue #12443, the proxy URL in proxy-server switch would not
support username and password authentication.
* docs: security.md: correct checklist #14 markdown
When running "npm run lint:docs" script, linting warning suggests
"Broken links: #13-disable-or-limit-creation-of-new-windows". Update
accordingly to #14.
The `url` module is not a constructor; change `require('url')` to
`require('url').URL`. Also, check the entire origin rather than just
the hostname, since otherwise `http://my-own-server.com` is allowed in
addition to `https://my-own-server.com`, in violation of point 1 (only
load secure content).
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
