Join GitHub today
NOTE: some content in this wiki applies only to 0.12 and earlier versions. For official documentation on 0.13 and later, see http://docs.nwjs.io
node-webkit adds Node.js support and enhancement in DOM for trusted code and content. For untrusted code and content, it should remain in a normal
iframe, which is the same as the one in browser. So there are 2 kinds of frames in node-webkit:
Node frame and
As application developer, one should keep in mind that contents should be loaded in correct frames.
Which frames are Node frames and which are not?
- iframes that have the attribute
nwdisableare normal frames. (NOTE:
nwfaketopattribute should be specified with
nwdisable. The reason is in https://github.com/rogerwang/node-webkit/issues/534)
- Local files, [app protocol](App protocol) frames (or remote sites when URL matches the
node-remotefield) are Node frames. (
nodejsfield should not be set to false in this case)
- Frames opened with
window.openare normal frames when these flags are set:
What can Node frames do?
- Node support: access to
- Universal access to other frames: this can get around all cross-domain security checks defined in DOM.
X-Frame-Optionsheaders for child frames.
- Others listed in [Changes to DOM](Changes to dom)
nwdisable is added in 0.5.0 rc2;
nwfaketop is added in 0.5.1