electron/docs/tutorial
Baitinq c4e3a1aad3
docs: Use Node's URL parser in the 5th security recommendation (#33463)
Rule 13 recommends using Node's URL parser for handling url inputs. At
the moment, this is not being followed in the code example for rule 5,
which falls back on checking that the url ends with a '/'. If this was
forgotten when a user copies this code it could introduce security
vulnerabilities if an attacker uses an URL in the following way:

"https://example.com.attacker.com"

Using Node's URL parser fixes this potential missuse and enables the
'/' to be omited from the code example.

Co-authored-by: Baitinq <you@example.com>
2022-03-28 14:25:44 -04:00
..
accessibility.md docs: update test automation doc (#31506) 2021-10-28 11:17:43 +09:00
application-debugging.md feat: bring --enable-logging functionality in line with Chromium (#25089) 2021-06-17 14:17:25 -07:00
application-distribution.md Fix typo in distribution docs (#31791) 2021-11-17 12:20:24 -06:00
automated-testing.md docs: add playwright e2e testing docs (#31961) 2021-11-23 11:47:24 -08:00
boilerplates-and-clis.md docs: trim trailing whitespace (#25768) 2020-10-05 13:01:40 -07:00
code-signing.md docs: improve documentation about macOS entitlement usage security (#30740) 2021-09-01 10:02:42 +09:00
context-isolation.md docs: update context isolation doc (#30898) 2021-09-15 10:50:02 +09:00
dark-mode.md docs: update to the use of arrow functions in line with the style guide (#30194) 2021-08-02 10:57:37 +09:00
debugging-main-process.md docs: add native c++ windows debugging method (#26286) 2020-11-06 16:55:55 -08:00
debugging-vscode.md docs: use relative links within docs (#29651) 2021-06-14 14:02:23 -05:00
devices.md chore: refactor persisting permission granted to serial ports (#31181) 2021-10-06 16:18:00 -04:00
devtools-extension.md chore: fix lint (#27620) 2021-02-04 13:02:36 -08:00
electron-timelines.md docs: Update release dates for E19 and fix typos (#33464) 2022-03-28 09:30:05 -07:00
electron-versioning.md docs: consolidate info docs (#32964) 2022-02-28 11:46:52 -08:00
fuses.md docs: Update Branch Name (#31106) 2021-09-27 11:35:56 -04:00
in-app-purchases.md docs: remove platform notices from tutorial titles (#32937) 2022-03-03 09:56:00 -08:00
installation.md docs: Fix environment variable name (#32094) 2021-12-13 15:42:43 +09:00
introduction.md Update discord url to electronjs (#32173) 2021-12-14 13:25:56 -08:00
ipc.md docs: possible change in tutorial/ipc (#33218) 2022-03-21 11:13:55 +09:00
keyboard-shortcuts.md docs: update to the use of arrow functions in line with the style guide (#30194) 2021-08-02 10:57:37 +09:00
launch-app-from-url-in-another-app.md docs: remove platform notices from tutorial titles (#32937) 2022-03-03 09:56:00 -08:00
linux-desktop-actions.md docs: remove platform notices from tutorial titles (#32937) 2022-03-03 09:56:00 -08:00
mac-app-store-submission-guide.md docs: revise Mac App Store Submission Guide (#28922) 2021-05-13 11:01:36 +09:00
macos-dock.md docs: remove platform notices from tutorial titles (#32937) 2022-03-03 09:56:00 -08:00
message-ports.md docs: update to the use of arrow functions in line with the style guide (#30194) 2021-08-02 10:57:37 +09:00
multithreading.md build: update to standard 14 (#24479) 2020-07-09 10:18:49 -07:00
native-file-drag-drop.md docs: update drag and drop tutorial (#29200) 2021-05-19 09:55:24 +09:00
notifications.md docs: fix broken link to GNOME notifications spec (#32934) 2022-02-21 10:23:17 +09:00
offscreen-rendering.md docs: add window customization guide (#31054) 2021-10-19 09:58:35 +09:00
online-offline-events.md docs: update to the use of arrow functions in line with the style guide (#30194) 2021-08-02 10:57:37 +09:00
performance.md docs: update checklists (#32902) 2022-02-16 09:47:32 -08:00
process-model.md docs: reword sentence for better understanding (#33265) 2022-03-15 10:11:40 -07:00
progress-bar.md docs: remove platform notices from tutorial titles (#32937) 2022-03-03 09:56:00 -08:00
quick-start.md docs: remove extra $ from npm install command (#33366) 2022-03-23 08:54:08 +09:00
recent-documents.md docs: remove platform notices from tutorial titles (#32937) 2022-03-03 09:56:00 -08:00
repl.md docs: update REPL guide (#28943) 2021-05-04 17:17:04 +09:00
represented-file.md docs: remove platform notices from tutorial titles (#32937) 2022-03-03 09:56:00 -08:00
sandbox.md docs: update links to Chromium source (#33309) 2022-03-17 13:45:55 +01:00
security.md docs: Use Node's URL parser in the 5th security recommendation (#33463) 2022-03-28 14:25:44 -04:00
snapcraft.md docs: uniformize tutorial titles (#30527) 2021-08-16 14:12:34 +02:00
spellchecker.md chore: use relative links in docs (#26360) 2020-11-24 11:02:16 +09:00
support.md docs: consolidate info docs (#32964) 2022-02-28 11:46:52 -08:00
testing-on-headless-ci.md Remove broken link and update CircleCI's name (#32448) 2022-01-18 12:02:35 -05:00
testing-widevine-cdm.md docs: minor grammar & spelling fixes (#22851) 2020-03-31 13:06:25 +09:00
tray.md docs: fix frontmatter for Tray tutorial (#29788) 2021-06-21 10:13:39 +09:00
updates.md docs: update Hazel information (#30517) 2021-08-19 08:42:12 +09:00
using-native-node-modules.md docs: uniformize tutorial titles (#30527) 2021-08-16 14:12:34 +02:00
using-pepper-flash-plugin.md docs: uniformize tutorial titles (#30527) 2021-08-16 14:12:34 +02:00
web-embeds.md docs: uniformize tutorial titles (#30527) 2021-08-16 14:12:34 +02:00
window-customization.md docs: add window customization guide (#31054) 2021-10-19 09:58:35 +09:00
windows-arm.md docs: update development-related documentation (#31043) 2021-10-27 10:18:38 +09:00
windows-store-guide.md chore: cleanup whitespace in docs (#26356) 2020-11-05 14:12:43 -08:00
windows-taskbar.md docs: remove platform notices from tutorial titles (#32937) 2022-03-03 09:56:00 -08:00