search

bramblex / niva

一个基于 Tauri WRY 跨端 Webview 库的超轻量极易用的跨端应用开发框架。
https://bramblex.github.io/niva/
MIT License
644 stars 35 forks source link

Feature Request: Add api permission control #46

Open SaekiRaku opened 1 year ago

SaekiRaku commented 1 year ago

Public Niva api to window, especially Niva.api.fs, Niva.api.process.exec, etc. Is very dangerous when having XSS attack.

Please consider add api permission control (maybe like Deno Permissions) in niva.json or somewhere else, for those apps that never used api like Niva.api.fs.

Great project, thanks.

bramblex commented 1 year ago

API pression control and XSS protection will both be supported in version v1.0.0.