Turn on new worldSafeExecuteJavaScript webPreference.

<electron/electron#24114> "Previously the return values of webFrame.executeJavaScript crossed the world boundary when context isolation was enabled. This allows apps to makes themselves insecure by accidentally sending objects from the isolated world back to the main world. To help devs avoid this we're adding this new flag, and this flag will be turned on by default in Electron 12 (and removed) ensuring that this kind of issue can't become a thing again. This PR is also requesting new minors of 8 and 9 😄 Notes: Added new worldSafeExecuteJavaScript webPreference to ensure that the return values from webFrame.executeJavaScript are world safe when context isolation is enabled"
delhanty · Aug 14, 2020 · a05e434 · a05e434
1 parent d0e9234
commit a05e434
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/src/main.ts b/src/main.ts
@@ -7,6 +7,10 @@ function createWindow() {
     height: 600,
     webPreferences: {
       preload: path.join(__dirname, "preload.js"),
+      // Need `contextIslation` and `worldSafeExecuteJavaScript` both set
+      // to silence recent `webFrame.executeJavaScript` warnings.
+      contextIsolation:           true,
+      worldSafeExecuteJavaScript: true
     },
     width: 800,
   });