deltachat / deltachat-desktop

Email-based instant messaging for Desktop.
GNU General Public License v3.0

Deny web permissions for renderer #2548

Closed Simon-Laux closed 1 year ago

Simon-Laux commented 2 years ago

Electron grants every web permission by default. We should block the ones we don't need as a precaution. I did this in #2530 for the webxdc windows and I think it makes sense to restrict the other windows too.

See https://www.electronjs.org/docs/latest/tutorial/security#5-handle-session-permission-requests-from-remote-content
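
A deny-by-default setup for the two Electron session permission handlers that the comment above refers to. This is an added example, not part of the thread and not deltachat-desktop code; `denyWebPermissions`, the logging callback, the fake session and the single allowed permission are assumptions made for illustration.

```javascript
// Added example: deny-by-default web permissions for an Electron session.
// `denyWebPermissions`, `allowed` and `log` are hypothetical names.
function denyWebPermissions(ses, allowed = [], log = () => {}) {
  const allow = new Set(allowed)

  // Asynchronous requests, e.g. a page calling getUserMedia().
  ses.setPermissionRequestHandler((webContents, permission, callback, details) => {
    const granted = allow.has(permission)
    if (!granted) log({ kind: 'request', permission, url: details && details.requestingUrl })
    callback(granted)
  })

  // Synchronous checks, e.g. navigator.permissions.query(); these are not
  // covered by the request handler, so both handlers are set.
  ses.setPermissionCheckHandler((webContents, permission, requestingOrigin) => {
    const granted = allow.has(permission)
    if (!granted) log({ kind: 'check', permission, origin: requestingOrigin })
    return granted
  })
}

// Constructed stand-in for an Electron Session so the example runs outside Electron.
function makeFakeSession() {
  const s = {}
  s.setPermissionRequestHandler = h => { s.requestHandler = h }
  s.setPermissionCheckHandler = h => { s.checkHandler = h }
  return s
}

function demo() {
  const denied = []
  const ses = makeFakeSession()
  // Assumption: the window needs only clipboard writes; everything else is denied.
  denyWebPermissions(ses, ['clipboard-sanitized-write'], e => denied.push(e))
  const results = {}
  for (const p of ['media', 'geolocation', 'clipboard-sanitized-write']) {
    ses.requestHandler(null, p, ok => { results[p] = ok }, { requestingUrl: 'https://example.invalid/' })
  }
  results.check = ses.checkHandler(null, 'notifications', 'https://example.invalid')
  return { results, denied }
}

console.log(demo())
// In an Electron main process (assumed wiring):
//   app.whenReady().then(() => denyWebPermissions(session.defaultSession))
```

Logging each denial shows which permissions the renderer actually asks for, which helps when deciding what, if anything, belongs on the allowlist.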

adbenitez commented 2 years ago

It would be good to open HTML messages the same way as webxdc apps, in a dedicated window, with remote content loading blocked by default, like on Android.

Simon-Laux commented 2 years ago

This issue is more about the main window, but sure, it would make sense for those windows too.