Baitinq
c4e3a1aad3
docs: Use Node's URL parser in the 5th security recommendation ( #33463 )
...
Rule 13 recommends using Node's URL parser for handling url inputs. At
the moment, this is not being followed in the code example for rule 5,
which falls back on checking that the url ends with a '/'. If this was
forgotten when a user copies this code it could introduce security
vulnerabilities if an attacker uses an URL in the following way:
"https://example.com.attacker.com "
Using Node's URL parser fixes this potential missuse and enables the
'/' to be omited from the code example.
Co-authored-by: Baitinq <you@example.com>
2022-03-28 14:25:44 -04:00
Samuel Attard
800b96fe14
docs: add new IPC validation section to the security tutorial ( #33369 )
...
* docs: add new IPC validation section to the security tutorial
* Update security.md
* Update docs/tutorial/security.md
Co-authored-by: Erick Zhao <erick@hotmail.ca>
* Update docs/tutorial/security.md
Co-authored-by: Erick Zhao <erick@hotmail.ca>
Co-authored-by: Erick Zhao <erick@hotmail.ca>
2022-03-22 20:45:23 -04:00
Jeremy Rose
4342b7ff55
chore: remove awkward semi-documented preloadURL WebPreference ( #33228 )
2022-03-16 16:23:41 -07:00
Erick Zhao
cc0eb7b908
docs: update checklists ( #32902 )
2022-02-16 09:47:32 -08:00
Daryl Haresign
265474882c
docs: Update Branch Name ( #31106 )
...
* docs: Update CI Badge Branch Name
The CI badges were still pointing at builds for the master branch, which
are stale since the rename to main.
* docs: Update electron/electron Branch Name
Update electron/electron branch name from master to main.
* docs: Update electron/governance Branch Name
Update electron/governance branch name from master to main.
2021-09-27 11:35:56 -04:00
Matthew Shen
c0e72bd335
docs: update to the use of arrow functions in line with the style guide ( #30194 )
...
* docs: Update to the use of arrow functions in line with the style guide
* docs: Fixed unmatched bracket typo in previous commit 9ebe3e58f7948c6636d77f3c58a2693683b69691
* fix linting
Co-authored-by: Cheng Zhao <zcbenz@gmail.com>
2021-08-02 10:57:37 +09:00
Jeremy Rose
d35fb2a2e3
docs: mention sandboxing in security docs ( #30147 )
2021-07-19 12:45:47 -07:00
Erick Zhao
8f8708680f
docs: rework sandbox guide ( #28978 )
...
* docs: rework sandbox guide
* update doc name
* add missing comment to code sample
* Update docs/tutorial/sandbox.md
Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>
* Update docs/tutorial/sandbox.md
Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>
* Update docs/tutorial/sandbox.md
Co-authored-by: Biru Mohanathas <birunthan@mohanathas.com>
* load https in the examples
* change `process` docs to Electron's
* remove bit on chrome://sandbox page
* Update docs/tutorial/sandbox.md
Co-authored-by: Jeremy Rose <nornagon@nornagon.net>
* Update docs/tutorial/sandbox.md
Co-authored-by: Jeremy Rose <nornagon@nornagon.net>
* clarify sandbox default posture
* clarify tasks sandboxed renderers need ipc for
* clarify polyfilled preload environment
* emphasize that --no-sandbox is bad
* clarify preload polyfill `require`
* format markdown references properly
Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>
Co-authored-by: Biru Mohanathas <birunthan@mohanathas.com>
Co-authored-by: Jeremy Rose <nornagon@nornagon.net>
2021-05-06 20:53:55 +09:00
Milan Burda
5b205731f6
chore: remove deprecated remote module ( #25734 )
...
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
2021-03-09 17:12:40 -08:00
Zhang Zhi
b11c5533e8
Update security.md ( #27449 )
2021-01-25 10:27:29 +09:00
David Sanders
18f004eab1
docs: fix relative link ( #26585 )
2020-11-19 16:06:32 +09:00
Shiranka Miskin
ec85a91472
docs: update contextIsolation documentation on access to globals ( #19732 )
2020-11-18 15:24:00 +09:00
loc
0b85fdf26c
feat: add webContents.setWindowOpenHandler API ( #24517 )
...
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
2020-11-10 09:06:03 -08:00
David Sanders
43dbd1bdf8
chore: cleanup whitespace in docs ( #26356 )
2020-11-05 14:12:43 -08:00
Erick Zhao
935f6396d5
docs: clarify default value of enableRemoteModule ( #26170 )
2020-10-29 19:33:59 +09:00
David Sanders
e6f570d191
docs: improve relative link linting and fix broken ( #26020 )
2020-10-20 10:46:27 +09:00
Samuel Attard
cf635c5fac
docs: add document on contextIsolation ( #23474 )
...
* docs: add document on contextIsolation
* fix lint
* chore: link ctx isolation doc from security doc
2020-05-11 13:01:32 -07:00
Kilian Valkhof
8dc4a20069
docs: fix typos in security.md ( #21665 )
2020-01-03 11:11:01 -05:00
Milan Burda
093f2dd4a6
chore: remove deprecated <webview>.getWebContents() ( #20986 )
2019-11-08 15:46:35 -05:00
ryanomor
0c87471c12
Fix typo ( #20450 )
2019-10-07 12:26:38 -04:00
Felix Rieseberg
334ea36f38
docs: Add recent Electron version to security checklist ( #20206 )
...
* docs: Add recent Electron version to security checklist
* Update docs/tutorial/security.md
Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
* Update docs/tutorial/security.md
Co-Authored-By: Pedro Pontes <pepontes@microsoft.com>
* Update docs/tutorial/security.md
Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
2019-09-13 21:12:14 -04:00
Jeremy Apthorp
f537366387
test: move security warnings spec to main runner ( #20055 )
2019-09-03 16:02:22 +09:00
Carlos
fb214a599e
docs: update documentation under tutorials ( #19804 )
2019-08-20 09:45:25 -07:00
Micha Hanselmann
af3316707f
fix invalid lang tags ( #19513 )
2019-07-30 13:11:56 -07:00
Shelley Vohr
6d96f30ed3
refactor: make shell.OpenExternal async ( #17135 )
2019-05-03 13:53:45 -07:00
Milan Burda
2fd3029040
docs: update nodeIntegration section for new defaults ( #17715 )
2019-04-29 14:29:27 -07:00
Milan Burda
235eea6669
docs: add remote module to docs/tutorial/security.md ( #17480 )
2019-04-05 20:41:05 +02:00
Milan Burda
8cf15cc931
feat: only allow bundled preload scripts ( #17308 )
2019-03-28 11:38:51 +01:00
Milan Burda
a82bbd010e
build: strip trailing whitespace in docs ( #17488 )
2019-03-20 13:12:47 -07:00
Luca Carettoni
1bbb47be5b
docs: Improved security doc, particularly around isolation and tool ( #16703 )
...
* Improved security doc, particularly around isolation and tool
* Fixes as suggested by @ckerr
* libcc update
* fixing lint stuff
2019-02-27 10:09:38 -08:00
pol
c76459738e
docs: fix security doc url check ( #16775 )
2019-02-06 10:43:58 -08:00
Shelley Vohr
0881fd6397
feat: split openExternal into sync and async ( #16176 )
...
* feat: split openExternal into sync and async
* v8::Locker => mate::Locker
* fix: enter js env when resolving promise
2019-01-14 20:35:21 -08:00
Slapbox
d7d4b8638d
docs: makes note of HTTP header CSP usage with file:// ( #14768 )
2018-11-28 17:58:18 +09:00
Shelley Vohr
c9d0960f47
docs: remove unsafe eval section of security tutorial ( #15675 )
...
* docs: remove unsafe eval section of security tutorial
* lintfix
2018-11-12 11:13:48 -05:00
Masato Kinugawa
43a8b6039e
docs: Fix CSP header setting of sample code ( #15313 )
...
* Fix CSP header setting of sample code
Patch for #15310
* Update docs/tutorial/security.md
Co-Authored-By: masatokinugawa <masatokinugawa+github@gmail.com>
2018-10-23 10:38:48 -04:00
Samuel Attard
558fff69e7
chore: update to standard 12
2018-09-14 14:57:01 +10:00
Beni von Cheni
aef64c6f48
docs: chrome-command-line-switches.md: update proxy-server support ( #14198 )
...
* docs: chrome-command-line-switches.md: update proxy-server support
Per issue #12443 , the proxy URL in proxy-server switch would not
support username and password authentication.
* docs: security.md: correct checklist #14 markdown
When running "npm run lint:docs" script, linting warning suggests
"Broken links: #13-disable-or-limit-creation-of-new-windows". Update
accordingly to #14 .
2018-08-19 12:34:14 -07:00
Anders Kaseorg
466fe816d5
docs: security.md: Fix navigation lockdown example code ( #14185 )
...
The `url` module is not a constructor; change `require('url')` to
`require('url').URL`. Also, check the entire origin rather than just
the hostname, since otherwise `http://my-own-server.com ` is allowed in
addition to `https://my-own-server.com `, in violation of point 1 (only
load secure content).
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-08-18 19:41:55 -07:00
GhostlyDark
9005803667
Fix typos ( #13999 )
2018-08-09 10:04:03 -05:00
Felix Rieseberg
a99cc969b5
📝 Update security docs: will-navigate, new-window ( #13884 )
2018-07-31 13:40:26 -05:00
Aleksei Kuzmin
3b2424b4c8
docs: update an estimate of how much we are behind Chromium
2018-07-25 16:35:17 +02:00
Shelley Vohr
6045d1218a
refactor: remove experimentalCanvasFeatures property ( #13684 )
2018-07-16 13:32:42 -07:00
Christian Schmidt
cdd2bab7d5
Fix links to webview.md
2018-06-21 16:39:07 +02:00
Zeke Sikelianos
0802f82356
doc: add CSP examples ( #13167 )
...
* doc: add CSP examples
* Deafult to zero-permissions CSP
2018-06-20 10:36:37 +10:00
Shelley Vohr
5f5322c64e
rename blinkFeatures to enableBlinkFeatures
2018-05-23 14:01:34 -07:00
Charles Kerr
4d078fdb03
Remove more words ( #12852 )
...
* remove 'basically' from docs
* remove 'simply' from docs
* remove most uses of 'just' from docs
2018-05-08 00:16:09 -05:00
David Chawei Hsu
091ddb3c34
Fixed several broken links to the sections ( #12797 )
2018-05-02 21:51:37 -05:00
Charles Kerr
c81dac774a
Fix some broken documentation links ( #12794 )
2018-05-02 10:33:07 -05:00
Jeremy Apthorp
22da843efa
s/now/not/ in allowRunningInsecureContent documentation ( #12452 )
2018-03-28 10:15:29 +11:00
Samuel Attard
35cc197d0b
Quick typo ( #12040 )
2018-02-25 09:11:18 -06:00