Is your feature request related to a problem? Please describe.
Electron best practices talk about implementing validation of IPC messages; however, they do not provide a standardised method of doing so.
It's possible that an advanced XSS could trigger IPC invocations, so checking that they were triggered from the right location and appropriately would further harden security from theoretical attacks.
Describe the solution you'd like
Upon IPC main invocation (from ipcRenderer.invoke to ipcMain.handle), verify that the request is legitimate.
Describe alternatives you've considered
Take additional steps to harden the app against theoretical XSS, reducing the need for IPC message validation.
Additional context
Related electron issue: electron/electron#33517
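One way to implement the check requested above, as an added example that is not code from this issue or from the Electron project: a wrapper that validates the sender frame URL (Electron exposes it as `event.senderFrame.url` on the `ipcMain.handle` event) and the arguments before the handler runs. The allowlisted sources, the `settings:get` channel, the setting keys and the helper names are hypothetical.

```javascript
// Added example. Sources, channel name and setting keys are hypothetical.
const TRUSTED_SOURCES = new Set(['app://bundle', 'https://app.example.test']);

// True only when the frame URL parses and its scheme + host are allowlisted.
function isTrustedSender(frameUrl) {
  let u;
  try {
    u = new URL(frameUrl);
  } catch {
    return false; // empty or malformed URL: reject
  }
  // Compare parsed components, never a string prefix of the raw URL.
  return TRUSTED_SOURCES.has(`${u.protocol}//${u.host}`);
}

// Wrap a handler so it runs only for a trusted sender with well-formed arguments.
function guarded(channel, validateArgs, handler) {
  return (event, ...args) => {
    const frame = event.senderFrame; // can be null once the frame is destroyed
    if (!frame || !isTrustedSender(frame.url)) {
      throw new Error(`${channel}: rejected sender`);
    }
    if (!validateArgs(args)) {
      throw new Error(`${channel}: rejected arguments`);
    }
    return handler(event, ...args);
  };
}

const SETTING_KEYS = new Set(['theme', 'language']);
const SETTINGS = { theme: 'dark', language: 'en' }; // constructed sample data

// Call from the main process with Electron's ipcMain: registerHandlers(ipcMain)
function registerHandlers(ipcMain) {
  ipcMain.handle(
    'settings:get',
    guarded(
      'settings:get',
      (args) => args.length === 1 && typeof args[0] === 'string' && SETTING_KEYS.has(args[0]),
      (_event, key) => SETTINGS[key]
    )
  );
}
```

An error thrown inside the wrapper reaches the renderer as a rejected `invoke` promise, so a rejected call never executes the privileged handler.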