github/electron
1
1
Fork 0
mirror of https://github.com/electron/electron.git synced 2026-04-10 03:01:51 -04:00
Code Issues Packages Projects Releases Wiki Activity

revert: replace BrowserView with WebContentsView (#41060)

Browse Source 
Revert "feat: replace BrowserView with WebContentsView (#40759)"

This reverts commit bd304f7c9d.
This commit is contained in:
Keeley Hammond
2024-01-22 08:53:02 -08:00
committed by GitHub
parent b84beed666
commit 12f4204824
75 changed files with 1530 additions and 2986 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
docs/tutorial/security.md
View File

@@ -79,8 +79,8 @@ will be able to execute native code on the user's machine.
Under no circumstances should you load and execute remote code with
Node.js integration enabled. Instead, use only local files (packaged together
with your application) to execute Node.js code. To display remote content, use
the [`<webview>`][webview-tag] tag or a [`WebContentsView`][web-contents-view]
and make sure to disable the `nodeIntegration` and enable `contextIsolation`.
the [`<webview>`][webview-tag] tag or [`BrowserView`][browser-view], make sure
to disable the `nodeIntegration` and enable `contextIsolation`.
:::
:::info Electron security warnings
@@ -166,7 +166,7 @@ This recommendation is the default behavior in Electron since 5.0.0.
:::
It is paramount that you do not enable Node.js integration in any renderer
([`BrowserWindow`][browser-window], [`WebContentsView`][web-contents-view], or
([`BrowserWindow`][browser-window], [`BrowserView`][browser-view], or
[`<webview>`][webview-tag]) that loads remote content. The goal is to limit the
powers you grant to remote content, thus making it dramatically more difficult
for an attacker to harm your users should they gain the ability to execute
@@ -306,8 +306,8 @@ This recommendation is Electron's default.
You may have already guessed that disabling the `webSecurity` property on a
renderer process ([`BrowserWindow`][browser-window],
[`WebContentsView`][web-contents-view], or [`<webview>`][webview-tag]) disables
crucial security features.
[`BrowserView`][browser-view], or [`<webview>`][webview-tag]) disables crucial
security features.
Do not disable `webSecurity` in production applications.
@@ -782,10 +782,10 @@ learn how to serve files / content from a custom protocol.
[breaking-changes]: ../breaking-changes.md
[browser-window]: ../api/browser-window.md
[browser-view]: ../api/browser-view.md
[webview-tag]: ../api/webview-tag.md
[web-contents-view]: ../api/web-contents-view.md
[responsible-disclosure]: https://en.wikipedia.org/wiki/Responsible_disclosure
[web-contents]: ../api/web-contents.md
[window-open-handler]: ../api/web-contents.md#contentssetwindowopenhandlerhandler
[will-navigate]: ../api/web-contents.md#event-will-navigate
[open-external]: ../api/shell.md#shellopenexternalurl-options
[responsible-disclosure]: https://en.wikipedia.org/wiki/Responsible_disclosure