Closed BmElectro closed 1 year ago
Thanks for taking your time for this PR @BmElectro! I agree, we should ship it with a secure example.
Though exposing ipcRenderer.send
is not safe, with the current setup we can still pass in an arbitrary channel (1st argument), something the docs advise against. So to adhere to the docs, the channel
argument should be hardcoded in the preload. The message
argument can stay.
Besides that, looks good and I'd be happy to merge this PR.
Agreed @Deluze, the open channel argument can be exploited, hardcoding it is better and simpler since this is just an example anyway. I commited the hardcoded version. Also, you are welcome! Felt I gotta contribute something here since this template is a massive timesaver.
Awesome! Thanks for your contribution. Glad this template is of any use :)
Changed the basic included example to satisfy security recommedations by Electron Team in:
Mainly not exposing ipcRenderer.send as it is a security risk.