7a6a2a51e0
docs: fix info admonitions in security.md ( #42451 )
2024-06-12 11:38:21 -05:00
c6845b0afc
chore: update @electron/lint-roller to 2.2.0 ( #42412 )
2024-06-10 10:14:03 -05:00
3ec04fd449
docs: add note about fuses to our security documentation ( #41210 )
...
* Add note about fuses to our security documentation
Additionally, add the missing #18 to the ToC.
* lint issues for security.md
* Update docs/tutorial/security.md
Co-authored-by: Felix Rieseberg <fr@makenotion.com>
* move reference links to bottom of security.md
---------
Co-authored-by: Felix Rieseberg <fr@makenotion.com>
2024-02-02 17:28:36 -06:00
15c6014324
feat: replace BrowserView with WebContentsView ( #35658 )
2023-12-13 13:01:03 -08:00
3d2a754531
chore: extend linting of code blocks in the docs ( #40245 )
...
* chore: extend linting of code blocks in the docs
* chore: combine lint:markdownlint and lint:markdown scripts
2023-11-21 16:50:08 +09:00
d504d150ef
feat: add new fuse to treat file: identically to browsers ( #40372 )
2023-11-09 10:23:52 -08:00
905aad9cb6
chore: type check JS in docs ( #38423 )
...
* build(deps): update @electron/lint-roller
* chore: type check JS in docs
* docs: add @ts-check and @ts-expect-error to code blocks
* chore: fix type check errors in docs
* chore: add ts-type to blocks
2023-06-05 16:26:26 +09:00
eeb1e7d499
chore: fix lint:js-in-markdown script ( #38260 )
2023-05-15 09:58:35 +02:00
d1cddf2517
docs: update github.com links ( #37958 )
2023-04-15 21:20:59 -07:00
4415b7638a
chore: enforce consistent Markdown style for strong and emphasis ( #37787 )
2023-04-03 13:20:10 +02:00
9719cea250
docs: remove claim that HTTPS authenticates the remote server ( #35526 )
...
Update security.md
I don't think this is accurate. This is not a feature of HTTPS. This would require certificate pinning. It has been in the security docs since 2db125890chttps://github.com/electron/electron/issues/3330
https://www.npmjs.com/package/electron-ssl-pinning
https://cheatsheetseries.owasp.org/cheatsheets/Pinning_Cheat_Sheet.html
2022-09-21 16:19:04 -04:00
b1d7b30ca3
docs: fix wording mistake in security.md section 4 ( #35682 )
...
Update security.md
Under "4. Process Sandboxing", it said "For mor information on what `contextIsolation` is..." which was the previous section (copied from there). This updates it to say "For more information on what Process Sandboxing is..."
2022-09-20 11:14:44 -04:00
f244e75927
docs: add IPC validation guideline link in checklist ( #35573 )
2022-09-13 13:56:41 -07:00
2d0ad04354
docs: update security guide regarding ctx isolation ( #33807 )
2022-04-18 10:09:54 -04:00
c4e3a1aad3
docs: Use Node's URL parser in the 5th security recommendation ( #33463 )
...
Rule 13 recommends using Node's URL parser for handling url inputs. At
the moment, this is not being followed in the code example for rule 5,
which falls back on checking that the url ends with a '/'. If this was
forgotten when a user copies this code it could introduce security
vulnerabilities if an attacker uses an URL in the following way:
"https://example.com.attacker.com "
Using Node's URL parser fixes this potential missuse and enables the
'/' to be omited from the code example.
Co-authored-by: Baitinq <you@example.com>
2022-03-28 14:25:44 -04:00
800b96fe14
docs: add new IPC validation section to the security tutorial ( #33369 )
...
* docs: add new IPC validation section to the security tutorial
* Update security.md
* Update docs/tutorial/security.md
Co-authored-by: Erick Zhao <erick@hotmail.ca>
* Update docs/tutorial/security.md
Co-authored-by: Erick Zhao <erick@hotmail.ca>
Co-authored-by: Erick Zhao <erick@hotmail.ca>
2022-03-22 20:45:23 -04:00
4342b7ff55
chore: remove awkward semi-documented preloadURL WebPreference ( #33228 )
2022-03-16 16:23:41 -07:00
cc0eb7b908
docs: update checklists ( #32902 )
2022-02-16 09:47:32 -08:00
265474882c
docs: Update Branch Name ( #31106 )
...
* docs: Update CI Badge Branch Name
The CI badges were still pointing at builds for the master branch, which
are stale since the rename to main.
* docs: Update electron/electron Branch Name
Update electron/electron branch name from master to main.
* docs: Update electron/governance Branch Name
Update electron/governance branch name from master to main.
2021-09-27 11:35:56 -04:00
c0e72bd335
docs: update to the use of arrow functions in line with the style guide ( #30194 )
...
* docs: Update to the use of arrow functions in line with the style guide
* docs: Fixed unmatched bracket typo in previous commit 9ebe3e58f7948c6636d77f3c58a2693683b69691
* fix linting
Co-authored-by: Cheng Zhao <zcbenz@gmail.com>
2021-08-02 10:57:37 +09:00
d35fb2a2e3
docs: mention sandboxing in security docs ( #30147 )
2021-07-19 12:45:47 -07:00
8f8708680f
docs: rework sandbox guide ( #28978 )
...
* docs: rework sandbox guide
* update doc name
* add missing comment to code sample
* Update docs/tutorial/sandbox.md
Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>
* Update docs/tutorial/sandbox.md
Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>
* Update docs/tutorial/sandbox.md
Co-authored-by: Biru Mohanathas <birunthan@mohanathas.com>
* load https in the examples
* change `process` docs to Electron's
* remove bit on chrome://sandbox page
* Update docs/tutorial/sandbox.md
Co-authored-by: Jeremy Rose <nornagon@nornagon.net>
* Update docs/tutorial/sandbox.md
Co-authored-by: Jeremy Rose <nornagon@nornagon.net>
* clarify sandbox default posture
* clarify tasks sandboxed renderers need ipc for
* clarify polyfilled preload environment
* emphasize that --no-sandbox is bad
* clarify preload polyfill `require`
* format markdown references properly
Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>
Co-authored-by: Biru Mohanathas <birunthan@mohanathas.com>
Co-authored-by: Jeremy Rose <nornagon@nornagon.net>
2021-05-06 20:53:55 +09:00
5b205731f6
chore: remove deprecated remote module ( #25734 )
...
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
2021-03-09 17:12:40 -08:00
b11c5533e8
Update security.md ( #27449 )
2021-01-25 10:27:29 +09:00
18f004eab1
docs: fix relative link ( #26585 )
2020-11-19 16:06:32 +09:00
ec85a91472
docs: update contextIsolation documentation on access to globals ( #19732 )
2020-11-18 15:24:00 +09:00
0b85fdf26c
feat: add webContents.setWindowOpenHandler API ( #24517 )
...
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
2020-11-10 09:06:03 -08:00
43dbd1bdf8
chore: cleanup whitespace in docs ( #26356 )
2020-11-05 14:12:43 -08:00
935f6396d5
docs: clarify default value of enableRemoteModule ( #26170 )
2020-10-29 19:33:59 +09:00
e6f570d191
docs: improve relative link linting and fix broken ( #26020 )
2020-10-20 10:46:27 +09:00
cf635c5fac
docs: add document on contextIsolation ( #23474 )
...
* docs: add document on contextIsolation
* fix lint
* chore: link ctx isolation doc from security doc
2020-05-11 13:01:32 -07:00
8dc4a20069
docs: fix typos in security.md ( #21665 )
2020-01-03 11:11:01 -05:00
093f2dd4a6
chore: remove deprecated <webview>.getWebContents() ( #20986 )
2019-11-08 15:46:35 -05:00
0c87471c12
Fix typo ( #20450 )
2019-10-07 12:26:38 -04:00
334ea36f38
docs: Add recent Electron version to security checklist ( #20206 )
...
* docs: Add recent Electron version to security checklist
* Update docs/tutorial/security.md
Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
* Update docs/tutorial/security.md
Co-Authored-By: Pedro Pontes <pepontes@microsoft.com>
* Update docs/tutorial/security.md
Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
2019-09-13 21:12:14 -04:00
f537366387
test: move security warnings spec to main runner ( #20055 )
2019-09-03 16:02:22 +09:00
fb214a599e
docs: update documentation under tutorials ( #19804 )
2019-08-20 09:45:25 -07:00
af3316707f
fix invalid lang tags ( #19513 )
2019-07-30 13:11:56 -07:00
6d96f30ed3
refactor: make shell.OpenExternal async ( #17135 )
2019-05-03 13:53:45 -07:00
2fd3029040
docs: update nodeIntegration section for new defaults ( #17715 )
2019-04-29 14:29:27 -07:00
235eea6669
docs: add remote module to docs/tutorial/security.md ( #17480 )
2019-04-05 20:41:05 +02:00
8cf15cc931
feat: only allow bundled preload scripts ( #17308 )
2019-03-28 11:38:51 +01:00
a82bbd010e
build: strip trailing whitespace in docs ( #17488 )
2019-03-20 13:12:47 -07:00
1bbb47be5b
docs: Improved security doc, particularly around isolation and tool ( #16703 )
...
* Improved security doc, particularly around isolation and tool
* Fixes as suggested by @ckerr
* libcc update
* fixing lint stuff
2019-02-27 10:09:38 -08:00
c76459738e
docs: fix security doc url check ( #16775 )
2019-02-06 10:43:58 -08:00
0881fd6397
feat: split openExternal into sync and async ( #16176 )
...
* feat: split openExternal into sync and async
* v8::Locker => mate::Locker
* fix: enter js env when resolving promise
2019-01-14 20:35:21 -08:00
d7d4b8638d
docs: makes note of HTTP header CSP usage with file:// ( #14768 )
2018-11-28 17:58:18 +09:00
c9d0960f47
docs: remove unsafe eval section of security tutorial ( #15675 )
...
* docs: remove unsafe eval section of security tutorial
* lintfix
2018-11-12 11:13:48 -05:00
43a8b6039e
docs: Fix CSP header setting of sample code ( #15313 )
...
* Fix CSP header setting of sample code
Patch for #15310
* Update docs/tutorial/security.md
Co-Authored-By: masatokinugawa <masatokinugawa+github@gmail.com>
2018-10-23 10:38:48 -04:00
558fff69e7
chore: update to standard 12
2018-09-14 14:57:01 +10:00
voidfill
David Sanders
Kilian Valkhof
Jeremy Rose
Samuel Attard
Alexander Prinzhorn
Sebastian Vittersø
Aryan Shridhar
Baitinq
Erick Zhao
Daryl Haresign
Matthew Shen
Milan Burda
Zhang Zhi
Shiranka Miskin
loc
Samuel Attard
ryanomor
Felix Rieseberg
Carlos
Micha Hanselmann
Shelley Vohr
Luca Carettoni
pol
Shelley Vohr
Slapbox
Masato Kinugawa
Samuel Attard