Is your feature request related to a problem? Please describe.
We're not yet following Electron best practices fully. https://www.electronjs.org/docs/latest/tutorial/context-isolation
Describe the solution you'd like
https://github.com/bitshares/beet/blob/develop/src/background.js#L170 https://github.com/bitshares/beet/blob/develop/src/background.js#L251
Set nodeIntegration and enableRemoteModule to false, and contextIsolation to true.
Adapt renderer to request node/module functions/data through the ipcmain/ipcrenderer pipeline.
Describe alternatives you've considered
Exhaustively prevent XSS in the renderer.
Additional context
Latest BTS NFT Viewer has made these changes: https://github.com/BTS-CM/NFT_Viewer/releases/tag/v1.9.2
And the airdrop tool is about 98% of the way there: https://github.com/BTS-CM/airdrop_tool/tree/context_isolation
The background.js file is likely to significantly bloat due to inheriting code from the renderer.
This is likely a multi-thousand LOC feature request, however it's worthwhile to make the wallet follow best practices.
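The pattern requested above, as an added example that is not part of the issue or of Beet's code: the three settings, one validated main-process handler per operation, and a preload script that exposes named functions instead of `ipcRenderer`. The channel names, `beetApi`, the settings map and `makeFakeElectron` (an in-memory stand-in so the example runs without Electron) are assumptions.

```javascript
// Added example; channel names, `beetApi` and the settings map are hypothetical.
// Settings named in the issue, passed as `webPreferences` to `new BrowserWindow()`.
const hardenedWebPreferences = {
  nodeIntegration: false,     // page scripts get no require() or process
  enableRemoteModule: false,  // page scripts cannot reach main-process objects
  contextIsolation: true,     // preload and page scripts run in separate JS contexts
  preload: 'preload.js',      // assumed name; use an absolute path in the app
};

// Main process: each channel is one narrow operation with validated arguments.
function registerHandlers(ipcMain, deps) {
  ipcMain.handle('app:getVersion', () => deps.version);
  ipcMain.handle('settings:read', (_event, key) => {
    // Renderer input stays untrusted: an XSS payload can still call exposed functions.
    if (typeof key !== 'string' || !/^[a-z]{1,32}$/.test(key)) {
      throw new Error('invalid setting key');
    }
    return deps.settings.has(key) ? deps.settings.get(key) : null;
  });
}

// Preload script: expose named functions only, never ipcRenderer itself.
function exposeApi(contextBridge, ipcRenderer) {
  contextBridge.exposeInMainWorld('beetApi', {
    getVersion: () => ipcRenderer.invoke('app:getVersion'),
    readSetting: (key) => ipcRenderer.invoke('settings:read', key),
  });
}

// Constructed in-memory stand-in for Electron's ipcMain, ipcRenderer and
// contextBridge, so the round trip can be exercised without Electron.
function makeFakeElectron() {
  const handlers = new Map();
  const world = {};
  return {
    handlers,
    world,
    ipcMain: { handle: (channel, fn) => handlers.set(channel, fn) },
    ipcRenderer: {
      invoke: async (channel, ...args) => {
        if (!handlers.has(channel)) throw new Error(`no handler for ${channel}`);
        return handlers.get(channel)({}, ...args);
      },
    },
    contextBridge: { exposeInMainWorld: (name, api) => { world[name] = api; } },
  };
}
```

In the app, Electron's own `ipcMain`, `contextBridge` and `ipcRenderer` are passed in place of the stand-in.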
Fully implemented in: https://github.com/beetapp/beeteos