From def72535e059ed7fdbf6d54444c512fe17657173 Mon Sep 17 00:00:00 2001 From: yan Date: Tue, 1 Aug 2017 15:32:46 -0700 Subject: [PATCH] remove webSecurity:false in webPreferences and add some comments for security-sensitive code fix https://github.com/brave/browser-laptop/issues/10240 --- app/browser/share.js | 2 +- app/browser/tabs.js | 1 + js/stores/appStore.js | 3 +-- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/browser/share.js b/app/browser/share.js index ff25a2482a6..99e0a35164f 100644 --- a/app/browser/share.js +++ b/app/browser/share.js @@ -8,7 +8,7 @@ const {shell} = require('electron') const tabs = require('./tabs') const templateUrls = { - email: 'mailto:?subject={title}&body={url}', + email: 'mailto:?subject={title}&body={url}', // Do not edit without security review facebook: 'https://www.facebook.com/sharer.php?u={url}', pinterest: 'https://pinterest.com/pin/create/bookmarklet/?url={url}&description={title}', twitter: 'https://twitter.com/intent/tweet?url={url}&text={title}&hashtags=brave', diff --git a/app/browser/tabs.js b/app/browser/tabs.js index 0e6728fc914..905c40ff9e5 100644 --- a/app/browser/tabs.js +++ b/app/browser/tabs.js @@ -706,6 +706,7 @@ const api = { }, executeScriptInBackground: (script, cb) => { + // Do not edit without security review const win = new BrowserWindow({ show: false, webPreferences: { diff --git a/js/stores/appStore.js b/js/stores/appStore.js index 04a72501ba5..44225adac16 100644 --- a/js/stores/appStore.js +++ b/js/stores/appStore.js @@ -313,10 +313,9 @@ function windowDefaults () { minModalWidth: 100, windowOffset: 20, webPreferences: { + // XXX: Do not edit without security review sharedWorker: true, - nodeIntegration: false, partition: 'default', - webSecurity: false, allowFileAccessFromFileUrls: true, allowUniversalAccessFromFileUrls: true }