Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refactor preload scripts to be secure on Electron 20 #101

Merged
merged 4 commits into from
Sep 6, 2022
Merged

Conversation

manusa
Copy link
Owner

@manusa manusa commented Sep 6, 2022

References

Sandbox Preload scripts

https://www.electronjs.org/docs/latest/tutorial/sandbox#preload-scripts

In order to allow renderer processes to communicate with the main process, preload scripts attached to sandboxed renderers will still have a polyfilled subset of Node.js APIs available. A require function similar to Node's require module is exposed, but can only import a subset of Electron and Node's built-in modules:

In addition, the preload script also polyfills certain Node.js primitives as globals:

Because the require function is a polyfill with limited functionality, you will not be able to use CommonJS modules to separate your preload script into multiple files. If you need to split your preload code, use a bundler such as webpack or Parcel.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Sep 6, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

90.9% 90.9% Coverage
0.0% 0.0% Duplication

@manusa manusa merged commit f59e161 into main Sep 6, 2022
@manusa manusa deleted the build/parcel branch September 6, 2022 09:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant