github/electron
1
1
Fork 0
mirror of https://github.com/electron/electron.git synced 2026-04-10 03:01:51 -04:00
Code Issues Packages Projects Releases Wiki Activity

feat: enable world safe JS by default (#27502)

Browse Source 
* feat: enable world safe JS by default

* refactor: use the ctx bridge to send executeJavaScript results in a world safe way

* docs: add more info about the breaking change

* include default in IsEnabled check

* test: fix failing http spec

Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>
Co-authored-by: Samuel Attard <sattard@slack-corp.com>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
This commit is contained in:
trop[bot]
2021-01-29 12:39:56 -08:00
committed by GitHub
parent 37c68d56d6
commit 28fa60fbcb
7 changed files with 91 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
docs/breaking-changes.md
View File

@@ -12,6 +12,16 @@ This document uses the following convention to categorize breaking changes:
- **Deprecated:** An API was marked as deprecated. The API will continue to function, but will emit a deprecation warning, and will be removed in a future release.
- **Removed:** An API or feature was removed, and is no longer supported by Electron.
## Planned Breaking API Changes (14.0)
### Removed: `worldSafeExecuteJavaScript`
In Electron 14, `worldSafeExecuteJavaScript` will be removed. There is no alternative, please
ensure your code works with this property enabled. It has been enabled by default since Electron
12.
You will be affected by this change if you use either `webFrame.executeJavaScript` or `webFrame.executeJavaScriptInIsolatedWorld`. You will need to ensure that values returned by either of those methods are supported by the [Context Bridge API](api/context-bridge.md#parameter--error--return-type-support) as these methods use the same value passing semantics.
## Planned Breaking API Changes (13.0)
### Removed: `shell.moveItemToTrash()`
@@ -34,6 +44,15 @@ Chromium has removed support for Flash, and so we must follow suit. See
Chromium's [Flash Roadmap](https://www.chromium.org/flash-roadmap) for more
details.
### Default Changed: `worldSafeExecuteJavaScript` defaults to `true`
In Electron 12, `worldSafeExecuteJavaScript` will be enabled by default. To restore
the previous behavior, `worldSafeExecuteJavaScript: false` must be specified in WebPreferences.
Please note that setting this option to `false` is **insecure**.
This option will be removed in Electron 14 so please migrate your code to support the default
value.
### Default Changed: `contextIsolation` defaults to `true`
In Electron 12, `contextIsolation` will be enabled by default. To restore