New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: disable nodeIntegration / webviewTag by default #16235
Conversation
d47d14e
to
3977d2f
Compare
3977d2f
to
0cba8ab
Compare
ab85ebc
to
c3fd1b8
Compare
c20b5fd
to
d5a3c98
Compare
d5a3c98
to
418e63d
Compare
SetDefaultBoolIfUndefined(options::kNodeIntegrationInWorker, false); | ||
SetDefaultBoolIfUndefined(options::kWebviewTag, node); | ||
SetDefaultBoolIfUndefined(options::kWebviewTag, false); | ||
SetDefaultBoolIfUndefined(options::kSandbox, false); | ||
SetDefaultBoolIfUndefined(options::kNativeWindowOpen, false); | ||
SetDefaultBoolIfUndefined(options::kContextIsolation, false); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This default was also deprecated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@MarshallOfSound I know, this one will be handled in a separate PR.
Release Notes Persisted
|
The default values have been flipped for security in electron/electron#16235
The default values have been flipped for security in electron/electron#16235
The default values have been flipped for security in electron/electron#16235
The default values have been flipped for security in electron/electron#16235
The default values have been flipped for security in electron/electron#16235
The default values are now flipped electron/electron#16235
Description of Change
The previous default values have been deprecated in Electron 4.0. Follow up to #15045 and #16004.
BREAKING CHANGE
Checklist
npm test
passesRelease Notes
Notes: The default values of
nodeIntegration
andwebviewTag
are nowfalse
to improve security.