YouTube's website does not need access to require(), and it's good security to drop unnecessary capabilities.
With nodeIntegration left enabled, it opens up the possibility for the YouTube website to read or write files on the local filesystem or do anything else NodeJS can do. While it's extremely unlikely that would ever happen, it's still a good idea to keep a remotely-loaded website properly sandboxed.
Access to the Electron ipcRenderer is still provided via window.ipc.
YouTube's website does not need access to
require()
, and it's good security to drop unnecessary capabilities.With
nodeIntegration
left enabled, it opens up the possibility for the YouTube website to read or write files on the local filesystem or do anything else NodeJS can do. While it's extremely unlikely that would ever happen, it's still a good idea to keep a remotely-loaded website properly sandboxed.Access to the Electron
ipcRenderer
is still provided viawindow.ipc
.