New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: sandbox preloads by default #32869
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
API LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
API looks good to me.
The "BrowserWindow module "webPreferences" option child windows works in a scriptable popup" test is failing.
Also do we have a test verifying preload is sandboxed by default?
Hm... that test is failing because it uses I'm not quite sure what's going on here, it seems to me like that test ought to work unmodified. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
API LGTM
Mac failures are flake; merging. |
Release Notes Persisted
|
@VerteDinde has manually backported this PR to "20-x-y", please check out #35125 |
feat: sandbox preloads by default (#32869) Co-authored-by: Jeremy Rose <jeremya@chromium.org>
BREAKING CHANGE
Description of Change
Ref #28466 (comment), #32868
NB. breaking change is already documented in breaking-changes.md: https://github.com/electron/electron/blob/main/docs/breaking-changes.md#default-changed-renderers-without-nodeintegration-true-are-sandboxed-by-default
Checklist
npm test
passesRelease Notes
Notes: Renderers are now sandboxed by default unless
nodeIntegration: true
orsandbox: false
is specified.