CringeStudios/element-desktop
5
0
Fork 0
mirror of https://github.com/CringeStudios/element-desktop.git synced 2025-01-31 05:29:58 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #91 from vector-im/travis/ipc-renderer

Browse Source 
Enforce sandbox on all spawned BrowserWindow objects
This commit is contained in:
Travis Ralston 2020-05-27 10:03:28 -06:00 committed by GitHub
commit d33ce95dd0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/electron-main.js
View File

@ -615,6 +615,17 @@ protocol.registerSchemesAsPrivileged([{
},
}]);
// Turn the sandbox on for *all* windows we might generate. Doing this means we don't
// have to specify a `sandbox: true` to each BrowserWindow.
//
// This also fixes an issue with window.open where if we only specified the sandbox
// on the main window we'd run into cryptic "ipc_renderer be broke" errors. Turns out
// it's trying to jump the sandbox and make some calls into electron, which it can't
// do when half of it is sandboxed. By turning on the sandbox for everything, the new
// window (no matter how temporary it may be) is also sandboxed, allowing for a clean
// transition into the user's browser.
app.enableSandbox();
app.on('ready', async () => {
try {
await setupGlobals();
@ -725,7 +736,7 @@ app.on('ready', async () => {
webPreferences: {
preload: preloadScript,
nodeIntegration: false,
sandbox: true,
//sandbox: true, // We enable sandboxing from app.enableSandbox() above
enableRemoteModule: false,
// We don't use this: it's useful for the preload script to
// share a context with the main page so we can give select