github/electron
1
1
Fork 0
mirror of https://github.com/electron/electron.git synced 2026-01-09 07:28:12 -05:00
Code Issues Packages Projects Releases Wiki Activity
27,584 Commits 334 Branches 3,446 Tags
c3036d455741b693b6cc70b2fd037af9401d97e9
Commit Graph

103 Commits

Author SHA1 Message Date
David Sanders
905aad9cb6 chore: type check JS in docs (#38423) 
* build(deps): update @electron/lint-roller

* chore: type check JS in docs

* docs: add @ts-check and @ts-expect-error to code blocks

* chore: fix type check errors in docs

* chore: add ts-type to blocks
 2023-06-05 16:26:26 +09:00
David Sanders
eeb1e7d499 chore: fix lint:js-in-markdown script (#38260) 2023-05-15 09:58:35 +02:00
David Sanders
d1cddf2517 docs: update github.com links (#37958) 2023-04-15 21:20:59 -07:00
David Sanders
4415b7638a chore: enforce consistent Markdown style for strong and emphasis (#37787) 2023-04-03 13:20:10 +02:00
Alexander Prinzhorn
9719cea250 docs: remove claim that HTTPS authenticates the remote server (#35526) 
Update security.md

I don't think this is accurate. This is not a feature of HTTPS. This would require certificate pinning. It has been in the security docs since 2db125890c

Related

https://github.com/electron/electron/issues/3330
https://www.npmjs.com/package/electron-ssl-pinning
https://cheatsheetseries.owasp.org/cheatsheets/Pinning_Cheat_Sheet.html
 2022-09-21 16:19:04 -04:00
Sebastian Vittersø
b1d7b30ca3 docs: fix wording mistake in security.md section 4 (#35682) 
Update security.md

Under "4. Process Sandboxing", it said "For mor information on what `contextIsolation` is..." which was the previous section (copied from there). This updates it to say "For more information on what Process Sandboxing is..."
 2022-09-20 11:14:44 -04:00
Aryan Shridhar
f244e75927 docs: add IPC validation guideline link in checklist (#35573) 2022-09-13 13:56:41 -07:00
Samuel Attard
2d0ad04354 docs: update security guide regarding ctx isolation (#33807) 2022-04-18 10:09:54 -04:00
Baitinq
c4e3a1aad3 docs: Use Node's URL parser in the 5th security recommendation (#33463) 
Rule 13 recommends using Node's URL parser for handling url inputs. At
the moment, this is not being followed in the code example for rule 5,
which falls back on checking that the url ends with a '/'. If this was
forgotten when a user copies this code it could introduce security
vulnerabilities if an attacker uses an URL in the following way:

"https://example.com.attacker.com"

Using Node's URL parser fixes this potential missuse and enables the
'/' to be omited from the code example.

Co-authored-by: Baitinq <you@example.com>
 2022-03-28 14:25:44 -04:00
Samuel Attard
800b96fe14 docs: add new IPC validation section to the security tutorial (#33369) 
* docs: add new IPC validation section to the security tutorial

* Update security.md

* Update docs/tutorial/security.md

Co-authored-by: Erick Zhao <erick@hotmail.ca>

* Update docs/tutorial/security.md

Co-authored-by: Erick Zhao <erick@hotmail.ca>

Co-authored-by: Erick Zhao <erick@hotmail.ca>
 2022-03-22 20:45:23 -04:00
Jeremy Rose
4342b7ff55 chore: remove awkward semi-documented preloadURL WebPreference (#33228) 2022-03-16 16:23:41 -07:00
Erick Zhao
cc0eb7b908 docs: update checklists (#32902) 2022-02-16 09:47:32 -08:00
Daryl Haresign
265474882c docs: Update Branch Name (#31106) 
* docs: Update CI Badge Branch Name

The CI badges were still pointing at builds for the master branch, which
are stale since the rename to main.

* docs: Update electron/electron Branch Name

Update electron/electron branch name from master to main.

* docs: Update electron/governance Branch Name

Update electron/governance branch name from master to main.
 2021-09-27 11:35:56 -04:00
Matthew Shen
c0e72bd335 docs: update to the use of arrow functions in line with the style guide (#30194) 
* docs: Update to the use of arrow functions in line with the style guide

* docs: Fixed unmatched bracket typo in previous commit 9ebe3e58f7948c6636d77f3c58a2693683b69691

* fix linting

Co-authored-by: Cheng Zhao <zcbenz@gmail.com>
 2021-08-02 10:57:37 +09:00
Jeremy Rose
d35fb2a2e3 docs: mention sandboxing in security docs (#30147) 2021-07-19 12:45:47 -07:00
Erick Zhao
8f8708680f docs: rework sandbox guide (#28978) 
* docs: rework sandbox guide

* update doc name

* add missing comment to code sample

* Update docs/tutorial/sandbox.md

Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>

* Update docs/tutorial/sandbox.md

Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>

* Update docs/tutorial/sandbox.md

Co-authored-by: Biru Mohanathas <birunthan@mohanathas.com>

* load https in the examples

* change `process` docs to Electron's

* remove bit on chrome://sandbox page

* Update docs/tutorial/sandbox.md

Co-authored-by: Jeremy Rose <nornagon@nornagon.net>

* Update docs/tutorial/sandbox.md

Co-authored-by: Jeremy Rose <nornagon@nornagon.net>

* clarify sandbox default posture

* clarify tasks sandboxed renderers need ipc for

* clarify polyfilled preload environment

* emphasize that --no-sandbox is bad

* clarify preload polyfill `require`

* format markdown references properly

Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>
Co-authored-by: Biru Mohanathas <birunthan@mohanathas.com>
Co-authored-by: Jeremy Rose <nornagon@nornagon.net>
 2021-05-06 20:53:55 +09:00
Milan Burda
5b205731f6 chore: remove deprecated remote module (#25734) 
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
 2021-03-09 17:12:40 -08:00
Zhang Zhi
b11c5533e8 Update security.md (#27449) 2021-01-25 10:27:29 +09:00
David Sanders
18f004eab1 docs: fix relative link (#26585) 2020-11-19 16:06:32 +09:00
Shiranka Miskin
ec85a91472 docs: update contextIsolation documentation on access to globals (#19732) 2020-11-18 15:24:00 +09:00
loc
0b85fdf26c feat: add webContents.setWindowOpenHandler API (#24517) 
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
 2020-11-10 09:06:03 -08:00
David Sanders
43dbd1bdf8 chore: cleanup whitespace in docs (#26356) 2020-11-05 14:12:43 -08:00
Erick Zhao
935f6396d5 docs: clarify default value of enableRemoteModule (#26170) 2020-10-29 19:33:59 +09:00
David Sanders
e6f570d191 docs: improve relative link linting and fix broken (#26020) 2020-10-20 10:46:27 +09:00
Samuel Attard
cf635c5fac docs: add document on contextIsolation (#23474) 
* docs: add document on contextIsolation

* fix lint

* chore: link ctx isolation doc from security doc
 2020-05-11 13:01:32 -07:00
Kilian Valkhof
8dc4a20069 docs: fix typos in security.md (#21665) 2020-01-03 11:11:01 -05:00
Milan Burda
093f2dd4a6 chore: remove deprecated <webview>.getWebContents() (#20986) 2019-11-08 15:46:35 -05:00
ryanomor
0c87471c12 Fix typo (#20450) 2019-10-07 12:26:38 -04:00
Felix Rieseberg
334ea36f38 docs: Add recent Electron version to security checklist (#20206) 
* docs: Add recent Electron version to security checklist

* Update docs/tutorial/security.md

Co-Authored-By: Mark Lee <malept@users.noreply.github.com>

* Update docs/tutorial/security.md

Co-Authored-By: Pedro Pontes <pepontes@microsoft.com>

* Update docs/tutorial/security.md

Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
 2019-09-13 21:12:14 -04:00
Jeremy Apthorp
f537366387 test: move security warnings spec to main runner (#20055) 2019-09-03 16:02:22 +09:00
Carlos
fb214a599e docs: update documentation under tutorials (#19804) 2019-08-20 09:45:25 -07:00
Micha Hanselmann
af3316707f fix invalid lang tags (#19513) 2019-07-30 13:11:56 -07:00
Shelley Vohr
6d96f30ed3 refactor: make shell.OpenExternal async (#17135) 2019-05-03 13:53:45 -07:00
Milan Burda
2fd3029040 docs: update nodeIntegration section for new defaults (#17715) 2019-04-29 14:29:27 -07:00
Milan Burda
235eea6669 docs: add remote module to docs/tutorial/security.md (#17480) 2019-04-05 20:41:05 +02:00
Milan Burda
8cf15cc931 feat: only allow bundled preload scripts (#17308) 2019-03-28 11:38:51 +01:00
Milan Burda
a82bbd010e build: strip trailing whitespace in docs (#17488) 2019-03-20 13:12:47 -07:00
Luca Carettoni
1bbb47be5b docs: Improved security doc, particularly around isolation and tool (#16703) 
* Improved security doc, particularly around isolation and tool

* Fixes as suggested by @ckerr

* libcc update

* fixing lint stuff
 2019-02-27 10:09:38 -08:00
pol
c76459738e docs: fix security doc url check (#16775) 2019-02-06 10:43:58 -08:00
Shelley Vohr
0881fd6397 feat: split openExternal into sync and async (#16176) 
* feat: split openExternal into sync and async

* v8::Locker => mate::Locker

* fix: enter js env when resolving promise
 2019-01-14 20:35:21 -08:00
Slapbox
d7d4b8638d docs: makes note of HTTP header CSP usage with file:// (#14768) 2018-11-28 17:58:18 +09:00
Shelley Vohr
c9d0960f47 docs: remove unsafe eval section of security tutorial (#15675) 
* docs: remove unsafe eval section of security tutorial

* lintfix
 2018-11-12 11:13:48 -05:00
Masato Kinugawa
43a8b6039e docs: Fix CSP header setting of sample code (#15313) 
* Fix CSP header setting of sample code

Patch for #15310

* Update docs/tutorial/security.md

Co-Authored-By: masatokinugawa <masatokinugawa+github@gmail.com>
 2018-10-23 10:38:48 -04:00
Samuel Attard
558fff69e7 chore: update to standard 12 2018-09-14 14:57:01 +10:00
Beni von Cheni
aef64c6f48 docs: chrome-command-line-switches.md: update proxy-server support (#14198) 
* docs: chrome-command-line-switches.md: update proxy-server support

Per issue #12443, the proxy URL in proxy-server switch would not
support username and password authentication.

* docs: security.md: correct checklist #14 markdown

When running "npm run lint:docs" script, linting warning suggests
"Broken links: #13-disable-or-limit-creation-of-new-windows". Update
accordingly to #14.
 2018-08-19 12:34:14 -07:00
Anders Kaseorg
466fe816d5 docs: security.md: Fix navigation lockdown example code (#14185) 
The `url` module is not a constructor; change `require('url')` to
`require('url').URL`. Also, check the entire origin rather than just
the hostname, since otherwise `http://my-own-server.com` is allowed in
addition to `https://my-own-server.com`, in violation of point 1 (only
load secure content).

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
 2018-08-18 19:41:55 -07:00
GhostlyDark
9005803667 Fix typos (#13999) 2018-08-09 10:04:03 -05:00
Felix Rieseberg
a99cc969b5 📝 Update security docs: will-navigate, new-window (#13884) 2018-07-31 13:40:26 -05:00
Aleksei Kuzmin
3b2424b4c8 docs: update an estimate of how much we are behind Chromium 2018-07-25 16:35:17 +02:00
Shelley Vohr
6045d1218a refactor: remove experimentalCanvasFeatures property (#13684) 2018-07-16 13:32:42 -07:00