Closed Simon-Laux closed 1 year ago
would be good to open html messages the same way than webxdc apps, in a dedicated window, with remote content loading blocked by default like on Android
this issue is more about the main window, but sure would make sense for those windows too.
Electron grants every web permission by default. we should block the ones we don't need as a precaution. I did this in #2530 for the webxdc windows and I think it makes sense to restrict the other windows too.
see https://www.electronjs.org/docs/latest/tutorial/security#5-handle-session-permission-requests-from-remote-content