Skip to content

Electron: Process Sandbox #30

New issue
New issue
Open
Open
Electron: Process Sandbox#30
@xwcoder

Description

@xwcoder
xwcoder
opened on Jun 12, 2023

Electron: Process Sandbox

Sandbox

  • For a long time, Electron has allowed direct use of Node.js APIs in renderer process.

    IMAGE

  • Since Electron 20, the sandbox is enabled for renderer process.

  • In sandbox, renderer process could not use Node.js APIs, that means renderer process can’t access to most system resources, it can only freely use CPU cycles and memory, like javascript runs in Chrome web page.

  • The sandbox can be configured.

Preload scripts

In order to allow renderer processes to communicate with the main process, Electron provides preload scripts that can access a subset of Node.js APIs and a subset of Electron in renderer process.

  • electron (only renderer process modules)
  • events
  • timers
  • url
  • Pollyfills some Node.js primitives as global: Buffer, process, clearImmediate, setImmediate

Configure the sandbox

The sandbox can be configured.

  • Disable the sandbox for a single renderer process by setting sandbox: false

    const win = new BrowserWindow({
  webPreferences: {
    sandbox: false
  }
})
win.loadURL('https://google.com')

  • Disable the sandbox for a single renderer process by setting nodeIntegration: true

    const win = new BrowserWindow({
  webPreferences: {
    nodeIntegration: true
  }
})
win.loadURL('https://google.com')

  • Enable the sandbox globally

    // Before the app's ready event
app.enableSandbox()

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions