|
@@ -91,9 +91,9 @@ const getWebPreferences = function () {
|
|
|
}
|
|
|
}
|
|
|
|
|
|
-const moreInformation = '\nFor more information and help, consult ' +
|
|
|
- 'https://electronjs.org/docs/tutorial/security.\n' +
|
|
|
- 'This warning will not show up once the app is packaged.'
|
|
|
+const moreInformation = `\nFor more information and help, consult
|
|
|
+https://electronjs.org/docs/tutorial/security.\n This warning will not show up
|
|
|
+once the app is packaged.`
|
|
|
|
|
|
module.exports = {
|
|
|
shouldLogSecurityWarnings,
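Review bot: The template literal for `moreInformation` changes the printed text: the source line breaks after "consult" and "show up" are now part of the string, and `\n This warning` gains a leading space. The same wrapping artefacts reach the `warning` strings in the later hunks (insecure resources, Node.js integration, webSecurity, CSP, allowRunningInsecureContent, experimentalFeatures, enableBlinkFeatures, allowpopups), where any indentation of the continuation lines would be embedded as well. These messages are what prompts a developer to fix an insecure setting, so they should stay legible. A form that keeps the old output is `const moreInformation = ['', 'For more information and help, consult https://electronjs.org/docs/tutorial/security.', 'This warning will not show up once the app is packaged.'].join('\n')`.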
|
|
@@ -119,11 +119,10 @@ module.exports = {
|
|
|
return
|
|
|
}
|
|
|
|
|
|
- let warning = 'This renderer process loads resources using insecure protocols. ' +
|
|
|
- 'This exposes users of this app to unnecessary security risks. ' +
|
|
|
- 'Consider loading the following resources over HTTPS or FTPS. \n' +
|
|
|
- resources + '\n' +
|
|
|
- moreInformation
|
|
|
+ const warning = `This renderer process loads resources using insecure
|
|
|
+ protocols.This exposes users of this app to unnecessary security risks.
|
|
|
+ Consider loading the following resources over HTTPS or FTPS. \n ${resources}
|
|
|
+ \n ${moreInformation}`
|
|
|
|
|
|
console.warn('%cElectron Security Warning (Insecure Resources)',
|
|
|
'font-weight: bold;', warning)
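Review bot: The new `warning` text reads `protocols.This exposes` with no space after the full stop, which the old concatenation had (`'... insecure protocols. '`). `\n ${resources}` also puts a space in front of the list of insecurely loaded resources, which is the part a developer needs to read or copy. Restoring `protocols. This` and writing `\n${resources}` keeps the output as it was. The enclosing function starts above this hunk.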
|
|
@@ -137,10 +136,9 @@ module.exports = {
|
|
|
*/
|
|
|
warnAboutNodeWithRemoteContent: () => {
|
|
|
if (getIsRemoteProtocol()) {
|
|
|
- let warning = 'This renderer process has Node.js integration enabled ' +
|
|
|
- 'and attempted to load remote content. This exposes users of this app to severe ' +
|
|
|
- 'security risks.\n' +
|
|
|
- moreInformation
|
|
|
+ const warning = `This renderer process has Node.js integration enabled
|
|
|
+ and attempted to load remote content. This exposes users of this app to
|
|
|
+ severe security risks.\n ${moreInformation}`
|
|
|
|
|
|
console.warn('%cElectron Security Warning (Node.js Integration with Remote Content)',
|
|
|
'font-weight: bold;', warning)
|
|
@@ -162,9 +160,8 @@ module.exports = {
|
|
|
const webPreferences = getWebPreferences()
|
|
|
if (!webPreferences || webPreferences.webSecurity !== false) return
|
|
|
|
|
|
- let warning = 'This renderer process has "webSecurity" disabled. ' +
|
|
|
- 'This exposes users of this app to severe security risks.\n' +
|
|
|
- moreInformation
|
|
|
+ const warning = `This renderer process has "webSecurity" disabled. This
|
|
|
+ exposes users of this app to severe security risks.\n ${moreInformation}`
|
|
|
|
|
|
console.warn('%cElectron Security Warning (Disabled webSecurity)',
|
|
|
'font-weight: bold;', warning)
|
|
@@ -180,10 +177,9 @@ module.exports = {
|
|
|
*/
|
|
|
warnAboutInsecureCSP: () => {
|
|
|
if (isUnsafeEvalEnabled()) {
|
|
|
- let warning = 'This renderer process has either no Content Security Policy set ' +
|
|
|
- 'or a policy with "unsafe-eval" enabled. This exposes users of this ' +
|
|
|
- 'app to unnecessary security risks.\n' +
|
|
|
- moreInformation
|
|
|
+ const warning = `This renderer process has either no Content Security
|
|
|
+ Policy set or a policy with "unsafe-eval" enabled. This exposes users of
|
|
|
+ this app to unnecessary security risks.\n ${moreInformation}`
|
|
|
|
|
|
console.warn('%cElectron Security Warning (Insecure Content-Security-Policy)',
|
|
|
'font-weight: bold;', warning)
|
|
@@ -199,9 +195,9 @@ module.exports = {
|
|
|
const webPreferences = getWebPreferences()
|
|
|
if (!webPreferences || !webPreferences.allowRunningInsecureContent) return
|
|
|
|
|
|
- let warning = 'This renderer process has "allowRunningInsecureContent" ' +
|
|
|
- 'enabled. This exposes users of this app to severe security risks.\n' +
|
|
|
- moreInformation
|
|
|
+ const warning = `This renderer process has "allowRunningInsecureContent"
|
|
|
+ enabled. This exposes users of this app to severe security risks.\n
|
|
|
+ ${moreInformation}`
|
|
|
|
|
|
console.warn('%cElectron Security Warning (allowRunningInsecureContent)',
|
|
|
'font-weight: bold;', warning)
|
|
@@ -219,10 +215,9 @@ module.exports = {
|
|
|
return
|
|
|
}
|
|
|
|
|
|
- let warning = 'This renderer process has "experimentalFeatures" ' +
|
|
|
- 'enabled. This exposes users of this app to some security risk. ' +
|
|
|
- 'If you do not need this feature, you should disable it.\n' +
|
|
|
- moreInformation
|
|
|
+ const warning = `This renderer process has "experimentalFeatures" enabled.
|
|
|
+ This exposes users of this app to some security risk. If you do not need
|
|
|
+ this feature, you should disable it.\n ${moreInformation}`
|
|
|
|
|
|
console.warn('%cElectron Security Warning (experimentalFeatures)',
|
|
|
'font-weight: bold;', warning)
|
|
@@ -235,15 +230,15 @@ module.exports = {
|
|
|
*/
|
|
|
warnAboutEnableBlinkFeatures: () => {
|
|
|
const webPreferences = getWebPreferences()
|
|
|
- if (!webPreferences || !webPreferences.enableBlinkFeatures ||
|
|
|
- (webPreferences.enableBlinkFeatures.length && webPreferences.enableBlinkFeatures.length === 0)) {
|
|
|
+ if (webPreferences === null ||
|
|
|
+ !webPreferences.hasOwnProperty('enableBlinkFeatures') ||
|
|
|
+ webPreferences.enableBlinkFeatures.length === 0) {
|
|
|
return
|
|
|
}
|
|
|
|
|
|
- let warning = 'This renderer process has additional "enableBlinkFeatures" ' +
|
|
|
- 'enabled. This exposes users of this app to some security risk. ' +
|
|
|
- 'If you do not need this feature, you should disable it.\n' +
|
|
|
- moreInformation
|
|
|
+ const warning = `This renderer process has additional "enableBlinkFeatures"
|
|
|
+ enabled. This exposes users of this app to some security risk. If you do not
|
|
|
+ need this feature, you should disable it.\n ${moreInformation}`
|
|
|
|
|
|
console.warn('%cElectron Security Warning (enableBlinkFeatures)',
|
|
|
'font-weight: bold;', warning)
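Review bot: The rewritten guard in `warnAboutEnableBlinkFeatures` can throw where the old one returned quietly: `webPreferences === null` does not cover `undefined`, and `.length` is read even when `enableBlinkFeatures` is present but `null` or `undefined`. Whether `getWebPreferences()` can return `undefined` is not visible here, but the webSecurity and allowRunningInsecureContent checks both use `!webPreferences`. A TypeError at this point would mean the warning is never printed. Keeping the falsy tests and dropping only the dead `length &&` term gives `if (!webPreferences || !webPreferences.enableBlinkFeatures || webPreferences.enableBlinkFeatures.length === 0) {`.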
|
|
@@ -262,10 +257,10 @@ module.exports = {
|
|
|
return
|
|
|
}
|
|
|
|
|
|
- let warning = 'A <webview> has "allowpopups" set to true. ' +
|
|
|
- 'This exposes users of this app to some security risk, since popups are just ' +
|
|
|
- 'BrowserWindows. If you do not need this feature, you should disable it.\n' +
|
|
|
- moreInformation
|
|
|
+ const warning = `A <webview> has "allowpopups" set to true. This exposes
|
|
|
+ users of this app to some security risk, since popups are just
|
|
|
+ BrowserWindows. If you do not need this feature, you should disable it.\n
|
|
|
+ ${moreInformation}`
|
|
|
|
|
|
console.warn('%cElectron Security Warning (allowpopups)',
|
|
|
'font-weight: bold;', warning)
|