Commit graph

109 commits

Author SHA1 Message Date
voidfill
7a6a2a51e0
docs: fix info admonitions in security.md (#42451) 2024-06-12 11:38:21 -05:00
David Sanders
c6845b0afc
chore: update @electron/lint-roller to 2.2.0 (#42412) 2024-06-10 10:14:03 -05:00
Kilian Valkhof
3ec04fd449
docs: add note about fuses to our security documentation (#41210)
* Add note about fuses to our security documentation

Additionally, add the missing #18 to the ToC.

* lint issues for security.md

* Update docs/tutorial/security.md

Co-authored-by: Felix Rieseberg <fr@makenotion.com>

* move reference links to bottom of security.md

---------

Co-authored-by: Felix Rieseberg <fr@makenotion.com>
2024-02-02 17:28:36 -06:00
Jeremy Rose
15c6014324
feat: replace BrowserView with WebContentsView (#35658) 2023-12-13 13:01:03 -08:00
David Sanders
3d2a754531
chore: extend linting of code blocks in the docs (#40245)
* chore: extend linting of code blocks in the docs

* chore: combine lint:markdownlint and lint:markdown scripts
2023-11-21 16:50:08 +09:00
Samuel Attard
d504d150ef
feat: add new fuse to treat file: identically to browsers (#40372) 2023-11-09 10:23:52 -08:00
David Sanders
905aad9cb6
chore: type check JS in docs (#38423)
* build(deps): update @electron/lint-roller

* chore: type check JS in docs

* docs: add @ts-check and @ts-expect-error to code blocks

* chore: fix type check errors in docs

* chore: add ts-type to blocks
2023-06-05 16:26:26 +09:00
David Sanders
eeb1e7d499
chore: fix lint:js-in-markdown script (#38260) 2023-05-15 09:58:35 +02:00
David Sanders
d1cddf2517
docs: update github.com links (#37958) 2023-04-15 21:20:59 -07:00
David Sanders
4415b7638a
chore: enforce consistent Markdown style for strong and emphasis (#37787) 2023-04-03 13:20:10 +02:00
Alexander Prinzhorn
9719cea250
docs: remove claim that HTTPS authenticates the remote server (#35526)
Update security.md

I don't think this is accurate. This is not a feature of HTTPS. This would require certificate pinning. It has been in the security docs since 2db125890c

Related

https://github.com/electron/electron/issues/3330
https://www.npmjs.com/package/electron-ssl-pinning
https://cheatsheetseries.owasp.org/cheatsheets/Pinning_Cheat_Sheet.html
2022-09-21 16:19:04 -04:00
Sebastian Vittersø
b1d7b30ca3
docs: fix wording mistake in security.md section 4 (#35682)
Update security.md

Under "4. Process Sandboxing", it said "For mor information on what `contextIsolation` is..." which was the previous section (copied from there). This updates it to say "For more information on what Process Sandboxing is..."
2022-09-20 11:14:44 -04:00
Aryan Shridhar
f244e75927
docs: add IPC validation guideline link in checklist (#35573) 2022-09-13 13:56:41 -07:00
Samuel Attard
2d0ad04354
docs: update security guide regarding ctx isolation (#33807) 2022-04-18 10:09:54 -04:00
Baitinq
c4e3a1aad3
docs: Use Node's URL parser in the 5th security recommendation (#33463)
Rule 13 recommends using Node's URL parser for handling url inputs. At
the moment, this is not being followed in the code example for rule 5,
which falls back on checking that the url ends with a '/'. If this was
forgotten when a user copies this code it could introduce security
vulnerabilities if an attacker uses an URL in the following way:

"https://example.com.attacker.com"

Using Node's URL parser fixes this potential missuse and enables the
'/' to be omited from the code example.

Co-authored-by: Baitinq <you@example.com>
2022-03-28 14:25:44 -04:00
Samuel Attard
800b96fe14
docs: add new IPC validation section to the security tutorial (#33369)
* docs: add new IPC validation section to the security tutorial

* Update security.md

* Update docs/tutorial/security.md

Co-authored-by: Erick Zhao <erick@hotmail.ca>

* Update docs/tutorial/security.md

Co-authored-by: Erick Zhao <erick@hotmail.ca>

Co-authored-by: Erick Zhao <erick@hotmail.ca>
2022-03-22 20:45:23 -04:00
Jeremy Rose
4342b7ff55
chore: remove awkward semi-documented preloadURL WebPreference (#33228) 2022-03-16 16:23:41 -07:00
Erick Zhao
cc0eb7b908
docs: update checklists (#32902) 2022-02-16 09:47:32 -08:00
Daryl Haresign
265474882c
docs: Update Branch Name (#31106)
* docs: Update CI Badge Branch Name

The CI badges were still pointing at builds for the master branch, which
are stale since the rename to main.

* docs: Update electron/electron Branch Name

Update electron/electron branch name from master to main.

* docs: Update electron/governance Branch Name

Update electron/governance branch name from master to main.
2021-09-27 11:35:56 -04:00
Matthew Shen
c0e72bd335
docs: update to the use of arrow functions in line with the style guide (#30194)
* docs: Update to the use of arrow functions in line with the style guide

* docs: Fixed unmatched bracket typo in previous commit 9ebe3e58f7948c6636d77f3c58a2693683b69691

* fix linting

Co-authored-by: Cheng Zhao <zcbenz@gmail.com>
2021-08-02 10:57:37 +09:00
Jeremy Rose
d35fb2a2e3
docs: mention sandboxing in security docs (#30147) 2021-07-19 12:45:47 -07:00
Erick Zhao
8f8708680f
docs: rework sandbox guide (#28978)
* docs: rework sandbox guide

* update doc name

* add missing comment to code sample

* Update docs/tutorial/sandbox.md

Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>

* Update docs/tutorial/sandbox.md

Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>

* Update docs/tutorial/sandbox.md

Co-authored-by: Biru Mohanathas <birunthan@mohanathas.com>

* load https in the examples

* change `process` docs to Electron's

* remove bit on chrome://sandbox page

* Update docs/tutorial/sandbox.md

Co-authored-by: Jeremy Rose <nornagon@nornagon.net>

* Update docs/tutorial/sandbox.md

Co-authored-by: Jeremy Rose <nornagon@nornagon.net>

* clarify sandbox default posture

* clarify tasks sandboxed renderers need ipc for

* clarify polyfilled preload environment

* emphasize that --no-sandbox is bad

* clarify preload polyfill `require`

* format markdown references properly

Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>
Co-authored-by: Biru Mohanathas <birunthan@mohanathas.com>
Co-authored-by: Jeremy Rose <nornagon@nornagon.net>
2021-05-06 20:53:55 +09:00
Milan Burda
5b205731f6
chore: remove deprecated remote module (#25734)
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
2021-03-09 17:12:40 -08:00
Zhang Zhi
b11c5533e8
Update security.md (#27449) 2021-01-25 10:27:29 +09:00
David Sanders
18f004eab1
docs: fix relative link (#26585) 2020-11-19 16:06:32 +09:00
Shiranka Miskin
ec85a91472
docs: update contextIsolation documentation on access to globals (#19732) 2020-11-18 15:24:00 +09:00
loc
0b85fdf26c
feat: add webContents.setWindowOpenHandler API (#24517)
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
2020-11-10 09:06:03 -08:00
David Sanders
43dbd1bdf8
chore: cleanup whitespace in docs (#26356) 2020-11-05 14:12:43 -08:00
Erick Zhao
935f6396d5
docs: clarify default value of enableRemoteModule (#26170) 2020-10-29 19:33:59 +09:00
David Sanders
e6f570d191
docs: improve relative link linting and fix broken (#26020) 2020-10-20 10:46:27 +09:00
Samuel Attard
cf635c5fac
docs: add document on contextIsolation (#23474)
* docs: add document on contextIsolation

* fix lint

* chore: link ctx isolation doc from security doc
2020-05-11 13:01:32 -07:00
Kilian Valkhof
8dc4a20069 docs: fix typos in security.md (#21665) 2020-01-03 11:11:01 -05:00
Milan Burda
093f2dd4a6 chore: remove deprecated <webview>.getWebContents() (#20986) 2019-11-08 15:46:35 -05:00
ryanomor
0c87471c12 Fix typo (#20450) 2019-10-07 12:26:38 -04:00
Felix Rieseberg
334ea36f38 docs: Add recent Electron version to security checklist (#20206)
* docs: Add recent Electron version to security checklist

* Update docs/tutorial/security.md

Co-Authored-By: Mark Lee <malept@users.noreply.github.com>

* Update docs/tutorial/security.md

Co-Authored-By: Pedro Pontes <pepontes@microsoft.com>

* Update docs/tutorial/security.md

Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
2019-09-13 21:12:14 -04:00
Jeremy Apthorp
f537366387 test: move security warnings spec to main runner (#20055) 2019-09-03 16:02:22 +09:00
Carlos
fb214a599e docs: update documentation under tutorials (#19804) 2019-08-20 09:45:25 -07:00
Micha Hanselmann
af3316707f fix invalid lang tags (#19513) 2019-07-30 13:11:56 -07:00
Shelley Vohr
6d96f30ed3
refactor: make shell.OpenExternal async (#17135) 2019-05-03 13:53:45 -07:00
Milan Burda
2fd3029040 docs: update nodeIntegration section for new defaults (#17715) 2019-04-29 14:29:27 -07:00
Milan Burda
235eea6669 docs: add remote module to docs/tutorial/security.md (#17480) 2019-04-05 20:41:05 +02:00
Milan Burda
8cf15cc931 feat: only allow bundled preload scripts (#17308) 2019-03-28 11:38:51 +01:00
Milan Burda
a82bbd010e build: strip trailing whitespace in docs (#17488) 2019-03-20 13:12:47 -07:00
Luca Carettoni
1bbb47be5b docs: Improved security doc, particularly around isolation and tool (#16703)
* Improved security doc, particularly around isolation and tool

* Fixes as suggested by @ckerr

* libcc update

* fixing lint stuff
2019-02-27 10:09:38 -08:00
pol
c76459738e docs: fix security doc url check (#16775) 2019-02-06 10:43:58 -08:00
Shelley Vohr
0881fd6397
feat: split openExternal into sync and async (#16176)
* feat: split openExternal into sync and async

* v8::Locker => mate::Locker

* fix: enter js env when resolving promise
2019-01-14 20:35:21 -08:00
Slapbox
d7d4b8638d docs: makes note of HTTP header CSP usage with file:// (#14768) 2018-11-28 17:58:18 +09:00
Shelley Vohr
c9d0960f47
docs: remove unsafe eval section of security tutorial (#15675)
* docs: remove unsafe eval section of security tutorial

* lintfix
2018-11-12 11:13:48 -05:00
Masato Kinugawa
43a8b6039e docs: Fix CSP header setting of sample code (#15313)
* Fix CSP header setting of sample code

Patch for #15310

* Update docs/tutorial/security.md

Co-Authored-By: masatokinugawa <masatokinugawa+github@gmail.com>
2018-10-23 10:38:48 -04:00
Samuel Attard
558fff69e7
chore: update to standard 12 2018-09-14 14:57:01 +10:00