Disclaimer: I'm not a security researcher, but this is scraped from multiple sources.ĬontextBridge is important because it offers protection against passing values into the renderer process based off the old way. Native graphical user interfaces Interact with your operating systems interfaces with Electrons main process APIs. Desktop development made easy Electron takes care of the hard parts so you can focus on the core of your application. As electron framework is able to use node.js, you can use this plugin to create your own sftp client easily. ssh2 is a SSH2 client module written in pure JavaScript for node.js. Event: 'before-quit' Returns: event Event Emitted before the application starts closing its windows. 9 Architectureedit Electron applications include a 'main' process and several 'renderer' processes. I'm the author of the template, let me offer some background knowledge you might find helpful. Electron is an open source project maintained by the OpenJS Foundation and an active community of contributors. With SSH2 library you'll be able to create a ssh connection to your server to transfer (download and upload) files easily. If the user pressed Cmd + Q, or the developer called app.quit (), Electron will first try to close all the windows and then emit the will-quit event, and in this case the window-all-closed event would not be emitted. Electron was originally built for Atom4and is the main GUI framework behind several open-source projects including Atom, GitHub Desktop, Light Table,7Visual Studio Code, WordPressDesktop8and Eclipse Theia. Insight regarding contextBridge best practices is also highly appreciated. Would you be able to provide additional resources/examples which might be useful for the implementation of a secure Electron app (which relies on the contextBridge functionality)? The following is a single contextBridge usage example I've managed to find online: In general, existing documentation/tutorials do not focus on adopting secure practices when implementing an Electron app. Native graphical user interfaces Interact with your operating system's interfaces with Electron's main process APIs. The packaged Electron app can even be auto-updated just like a real website. You have access to the entire npm library, something you don’t have with a regular web app. In order to expose specific functionality, the window's preload script may exploit Electron's contextBridge feature, providing the main renderer with access to selected Node/Electron APIs.ĭespite information provided in the Electron docs, concrete examples of contextBridge usage are lacking overall. Electron is an open source project maintained by the OpenJS Foundation and an active community of contributors. Electron is commonly used alongside a web framework like React, Vue, or Angular to make powerful web applications. In this scenario, Node/Electron APIs will not be available to the main renderer process. To provide suitable levels of security when loading remote content, it is stated that a BrowserWindow's contextIsolation and nodeIntegration options must be enabled and disabled respectively.
0 Comments
Leave a Reply. |