github/electron
1
1
Fork 0
mirror of https://github.com/electron/electron.git synced 2026-02-26 03:01:17 -05:00
Code Issues Packages Projects Releases Wiki Activity

docs: reference security guide in ipcRenderer.on docs (#45371)

Browse Source 
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Niklas Wenzel <dev@nikwen.de>
This commit is contained in:
trop[bot]
2025-01-29 15:44:07 -05:00
committed by GitHub
parent 04f5fe6a1c
commit e99328a45e
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
docs/api/ipc-renderer.md
View File

@@ -41,6 +41,16 @@ The `ipcRenderer` module has the following method to listen for events and send
Listens to `channel`, when a new message arrives `listener` would be called with
`listener(event, args...)`.
:::warning
Do not expose the `event` argument to the renderer for security reasons! Wrap any
callback that you receive from the renderer in another function like this:
`ipcRenderer.on('my-channel', (event, ...args) => callback(...args))`.
Not wrapping the callback in such a function would expose dangerous Electron APIs
to the renderer process. See the
[security guide](../tutorial/security.md#20-do-not-expose-electron-apis-to-untrusted-web-content)
for more info.
:::
### `ipcRenderer.off(channel, listener)`
* `channel` string