@Madman10K Madman10K commented Oct 27, 2025

We're violating many Electron security guidelines right now. Sure, it's bad for security, but it also restricts us in terms of what Electron dependencies we can use in some cases (previous issues with updating node dependencies from June/May(?)) and it also restricts us in terms of our future Electron bundling.

Therefore, I'm making this PR. The goals of this PR are:

  • Remove inline CSS from HTML files
  • Disable webviews
  • Prevent opening new windows or popups
  • Disable window navigation (changing the page, for example, when clicking on a link)
  • Remove executing JS across render and main processes
  • Remove uses of the file:// protocol
  • Remove inline JS from HTML files
  • Disable web node integration
  • Enable context isolation
  • Enable sandboxing
  • Disable running insecure content
  • Enable web security
  • Set a secure content security policy

@Madman10K Madman10K self-assigned this Oct 27, 2025
@Madman10K Madman10K added the enhancement, frontend, and security labels Oct 27, 2025
…HTML file, remove inline JS eval from main process, add additional security restrictions
@Madman10K Madman10K force-pushed the improve-electron-security branch from a5c84c6 to 98b9f81 October 31, 2025 15:49
@Madman10K Madman10K force-pushed the improve-electron-security branch from 8cb492c to ff2601e October 31, 2025 19:18
… out of html files + small refactoring and reformatting
@Madman10K Madman10K force-pushed the improve-electron-security branch from ff2601e to 4bca2c5 October 31, 2025 19:21
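
Main-process settings corresponding to the goals listed in the PR description, as an added example that is not code from this pull request or from the project. The Electron `app` and `session` objects are passed in as parameters; the function names, constant names and the CSP string are assumptions made for illustration.

```javascript
// Added example, not the project's code. Electron objects are passed in,
// so nothing here needs require('electron') at load time.

// Hardened BrowserWindow webPreferences (Electron's own option names).
const HARDENED_PREFS = Object.freeze({
  nodeIntegration: false,             // disable web node integration
  contextIsolation: true,             // enable context isolation
  sandbox: true,                      // enable sandboxing
  webSecurity: true,                  // enable web security
  allowRunningInsecureContent: false, // disable running insecure content
  webviewTag: false,                  // disable webviews
});

// Constructed policy (assumption): same-origin only, no inline JS or CSS.
const CSP = "default-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'";

// Names of options that differ from the hardened values. Missing keys are
// flagged too, so the secure value is explicit rather than a version default.
function auditPrefs(prefs = {}) {
  return Object.keys(HARDENED_PREFS).filter((k) => prefs[k] !== HARDENED_PREFS[k]);
}

// Block navigation, new windows/popups and <webview> attachment everywhere.
function lockDownContents(app) {
  app.on('web-contents-created', (_event, contents) => {
    contents.on('will-navigate', (e) => e.preventDefault());
    contents.on('will-attach-webview', (e) => e.preventDefault());
    contents.setWindowOpenHandler(() => ({ action: 'deny' }));
  });
}

// Set the CSP header on every response, replacing any existing CSP header
// regardless of how its name is capitalised.
function enforceCsp(session) {
  session.webRequest.onHeadersReceived((details, callback) => {
    const headers = Object.fromEntries(
      Object.entries(details.responseHeaders || {})
        .filter(([name]) => name.toLowerCase() !== 'content-security-policy'));
    headers['Content-Security-Policy'] = [CSP];
    callback({ responseHeaders: headers });
  });
}

// Wiring in main.js (assumed file name):
//   const { app, session, BrowserWindow } = require('electron');
//   lockDownContents(app);
//   app.whenReady().then(() => { enforceCsp(session.defaultSession);
//     new BrowserWindow({ webPreferences: { ...HARDENED_PREFS } }); });
```

`auditPrefs` can run in a unit test against whatever options object the app passes to `BrowserWindow`, so a later change that re-enables `nodeIntegration` or drops `sandbox` fails the build.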