Closed aral closed 5 years ago
Hi @aral.
Good point. Right now, nodeIntegration is not disabled and so everything written in those documents applies.
In our case electron-har is used to gather data from the sources we control in pretty restrictive environments and so it hasn't been a problem for us, but I understand that might not be the case for everyone. We'll need to upgrade Electron & apply the recommendation you linked. Until then, I'll add a link to this issue in the README.
Thank you!
Fixed in 0.3.0.
Given:
How much of a security risk is running electron-har and what steps could be taken to minimise risk of arbitrary code execution?
At the very least, we should link to the warning(s) on the Electron site, above.
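An added example, not part of this thread or of electron-har's code: a small audit that resolves the `webPreferences` a window effectively runs with on a given Electron major version and reports the settings that expose Node.js to loaded pages. The version thresholds are taken from Electron's release notes as an assumption; the function names, `HARDENED` and the sample inputs are constructed for illustration.

```javascript
// Major versions in which Electron switched each default to the safer value
// (assumption from Electron release notes, not from this thread).
const DEFAULT_CHANGES = {
  nodeIntegration: { safe: false, since: 5 },  // default was true before 5.0
  contextIsolation: { safe: true, since: 12 }, // default was false before 12.0
  sandbox: { safe: true, since: 20 },          // default was false before 20.0
};

// Resolve the values a window actually runs with: an explicit setting wins,
// otherwise the default for the given Electron major version applies.
function effectivePreferences(webPreferences, electronMajor) {
  const out = {};
  for (const [key, { safe, since }] of Object.entries(DEFAULT_CHANGES)) {
    out[key] = key in webPreferences
      ? Boolean(webPreferences[key])
      : (electronMajor >= since ? safe : !safe);
  }
  // Enabling nodeIntegration turns off the default sandbox unless it is set explicitly.
  if (!('sandbox' in webPreferences) && out.nodeIntegration) out.sandbox = false;
  return out;
}

// List the risky settings for a window that loads pages the app does not control.
function auditWindow(webPreferences, electronMajor) {
  const eff = effectivePreferences(webPreferences, electronMajor);
  const findings = [];
  if (eff.nodeIntegration) {
    findings.push('nodeIntegration is on: page scripts can call Node.js APIs');
  }
  if (!eff.contextIsolation) {
    findings.push('contextIsolation is off: page scripts share globals with preload code');
  }
  if (!eff.sandbox) {
    findings.push('sandbox is off: the renderer process is not OS-sandboxed');
  }
  return findings;
}

// Explicit settings to pass as new BrowserWindow({ webPreferences: HARDENED }),
// so the result does not depend on which Electron version is installed.
const HARDENED = Object.freeze({
  nodeIntegration: false,
  contextIsolation: true,
  sandbox: true,
});

// Constructed samples: a window created with no explicit preferences on an
// old major version, then the same version with explicit hardening.
console.log(auditWindow({}, 4));
console.log(auditWindow(HARDENED, 4));
```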