From 54122862cf77bcb510a0dd1562073ec88fa70916 Mon Sep 17 00:00:00 2001
From: Jeremy Rose <nornagon@nornagon.net>
Date: Fri, 11 Feb 2022 10:32:09 -0800
Subject: [PATCH 1/3] feat: warn that preloads will be sandboxed by default in
 v20

---
 lib/browser/api/web-contents.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/browser/api/web-contents.ts b/lib/browser/api/web-contents.ts
index 5705cec695a07..5f028a80cebbe 100644
--- a/lib/browser/api/web-contents.ts
+++ b/lib/browser/api/web-contents.ts
@@ -1,4 +1,4 @@
-import { app, ipcMain, session, webFrameMain } from 'electron/main';
+import { app, ipcMain, session, webFrameMain, deprecate } from 'electron/main';
 import type { BrowserWindowConstructorOptions, LoadURLOptions } from 'electron/main';
 
 import * as url from 'url';
@@ -560,6 +560,10 @@ const loggingEnabled = () => {
 
 // Add JavaScript wrappers for WebContents class.
 WebContents.prototype._init = function () {
+  const prefs = this.getLastWebPreferences();
+  if (!prefs.nodeIntegration && (prefs.preload != null || prefs.preloadURL != null) && prefs.sandbox == null) {
+    deprecate.log('The default sandbox option for windows without nodeIntegration is changing. Presently, by default, when a window has a preload script, it defaults to being unsandboxed. In Electron 20, this default will be changing, and all windows that have nodeIntegration: false (which is the default) will be sandboxed by default. If your preload script doesn\'t use Node, no action is needed. If your preload script does use Node, either refactor it to move Node usage to the main process, or specify sandbox: false in your WebPreferences.');
+  }
   // Read off the ID at construction time, so that it's accessible even after
   // the underlying C++ WebContents is destroyed.
   const id = this.id;

From 345a572af2c8f64c3253d595867695519e22d96f Mon Sep 17 00:00:00 2001
From: Jeremy Rose <nornagon@nornagon.net>
Date: Fri, 11 Feb 2022 10:39:04 -0800
Subject: [PATCH 2/3] add a note to breaking changes

---
 docs/breaking-changes.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/docs/breaking-changes.md b/docs/breaking-changes.md
index e603146d0372e..6d561f87bd75e 100644
--- a/docs/breaking-changes.md
+++ b/docs/breaking-changes.md
@@ -12,6 +12,25 @@ This document uses the following convention to categorize breaking changes:
 * **Deprecated:** An API was marked as deprecated. The API will continue to function, but will emit a deprecation warning, and will be removed in a future release.
 * **Removed:** An API or feature was removed, and is no longer supported by Electron.
 
+## Planned Breaking API Changes (20.0)
+
+### Default Changed: renderers without `nodeIntegration: true` are sandboxed by default
+
+Previously, renderers that specified a preload script defaulted to being
+unsandboxed. This meant that by default, preload scripts had access to Node.js.
+In Electron 20, this default has changed. Beginning in Electron 20, renderers
+will be sandboxed by default, unless `nodeIntegration: true` or `sandbox: false`
+is specified.
+
+If your preload scripts do not depend on Node, no action is needed. If your
+preload scripts _do_ depend on Node, either refactor them to remove Node usage
+from the renderer, or explicitly specify `sandbox: false` for the relevant
+renderers.
+
+## Planned Breaking API Changes (19.0)
+
+*None (yet)*
+
 ## Planned Breaking API Changes (18.0)
 
 ### Removed: `nativeWindowOpen`

From 043c8c0699cbb80422e0e4a941777e63f174bf91 Mon Sep 17 00:00:00 2001
From: Jeremy Rose <nornagon@nornagon.net>
Date: Tue, 15 Feb 2022 14:24:20 -0800
Subject: [PATCH 3/3] fix type error

---
 lib/browser/api/web-contents.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/browser/api/web-contents.ts b/lib/browser/api/web-contents.ts
index 5f028a80cebbe..ecf0bab08e94c 100644
--- a/lib/browser/api/web-contents.ts
+++ b/lib/browser/api/web-contents.ts
@@ -560,7 +560,7 @@ const loggingEnabled = () => {
 
 // Add JavaScript wrappers for WebContents class.
 WebContents.prototype._init = function () {
-  const prefs = this.getLastWebPreferences();
+  const prefs = this.getLastWebPreferences() || {};
   if (!prefs.nodeIntegration && (prefs.preload != null || prefs.preloadURL != null) && prefs.sandbox == null) {
     deprecate.log('The default sandbox option for windows without nodeIntegration is changing. Presently, by default, when a window has a preload script, it defaults to being unsandboxed. In Electron 20, this default will be changing, and all windows that have nodeIntegration: false (which is the default) will be sandboxed by default. If your preload script doesn\'t use Node, no action is needed. If your preload script does use Node, either refactor it to move Node usage to the main process, or specify sandbox: false in your WebPreferences.');
   }