Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: remove unsafe eval section of security tutorial #15675

Merged
merged 2 commits into from
Nov 12, 2018
Merged

docs: remove unsafe eval section of security tutorial #15675

merged 2 commits into from
Nov 12, 2018

Conversation

codebytere
Copy link
Member

@codebytere codebytere commented Nov 11, 2018
edited by MarshallOfSound

Description of Change

Closes #12929.

Removes Override and disable eval from our security tutorial.

/cc @MarshallOfSound

Checklist

  • PR description included and stakeholders cc'd
  • npm test passes
  • relevant documentation is changed or added
  • PR title follows semantic commit guidelines

Release Notes

Notes: remove unsafe eval section of security tutorial, a good CSP is better and covers more cases

@codebytere codebytere requested a review from a team November 11, 2018 03:12
@codebytere codebytere merged commit c9d0960 into master Nov 12, 2018
@release-clerk
Copy link

release-clerk bot commented Nov 12, 2018

Release Notes Persisted

remove unsafe eval section of security tutorial, a good CSP is better and covers more cases

@codebytere codebytere deleted the rem-eval-warning branch November 12, 2018 16:13
@trop trop bot mentioned this pull request Nov 12, 2018
Merged
@trop
Copy link
Contributor

trop bot commented Nov 12, 2018

I have automatically backported this PR to "4-0-x", please check out #15685

@brunolemos
Copy link
Contributor

brunolemos commented Dec 29, 2018
edited

Electron 4.0.0 stills shows the warning about the unsafe-eval and send users to the docs and there's no info about this in the docs. What should users do exactly?

I overwrote the window.eval like old docs mentioned but I still get the warning. If I run window.eval() on console.log it was overwritten correctly.

@nornagon
Copy link
Member

nornagon commented Jan 2, 2019

We should remove the warning from the code.

@nornagon
Copy link
Member

nornagon commented Jan 2, 2019

... Actually, I think you're confusing the recommendation to set the unsafe-eval CSP with the recommend to disable the eval function by overriding it. The latter has never had a warning message associated with it in the renderer.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MarshallOfSound MarshallOfSound MarshallOfSound approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@codebytere @brunolemos @nornagon @MarshallOfSound