refactor: ensure IpcRenderer is not bridgable#40330
Conversation
|
@MarshallOfSound would it make sense to do this as well for consistency? class IpcRendererInternal extends EventEmitter implements ElectronInternal.IpcRendererInternal {
send (channel: string, ...args: any[]) {
return ipc.send(internal, channel, args);
}
sendSync (channel: string, ...args: any[]) {
return ipc.sendSync(internal, channel, args);
}
async invoke<T> (channel: string, ...args: any[]) {
const { error, result } = await ipc.invoke<T>(internal, channel, args);
if (error) {
throw new Error(`Error invoking remote method '${channel}': ${error}`);
}
return result;
};
}
export const ipcRendererInternal = new IpcRendererInternal(); |
|
@miniak Oh yeah sure |
|
Should this be considered a breaking change? In #40321 the docs are being updated to avoid the footgun pattern, but currently the IPC tutorial said "In the renderer process, use the |
In the sense we could note it somewhere, probably, in the sense that it's semver/major no. Security fixes aren't considered semver/major. No plans to backport this one though |
Let's add it to breaking changes then. 👍 |
MarshallOfSound
force-pushed
the
prevent-ipc-renderer-bridge
branch
from
60ae5ba to
d48bd5a
Compare
jkleinsc
left a comment
jkleinsc
left a comment
There was a problem hiding this comment.
Looks like this change is causing the node feature does not hang when using the fs module in the renderer process test to fail.
|
No Release Notes |
* refactor: ensure IpcRenderer is not bridgable * chore: add notes to breaking-changes * spec: fix test that bridged ipcrenderer
5 participants
It's a security footgun that IpcRenderer (unlike everything else) can go over the context bridge by accident. Let's just make it so it can't
Notes: no-notes