Skip to content

sudhakar3697/electron-renderer-CSP-sample

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
README.md
README.md
 
 
index.html
index.html
 
 
index_csp_nounce.html
index_csp_nounce.html
 
 
main.js
main.js
 
 
package.json
package.json
 
 
renderer.js
renderer.js
 
 

Repository files navigation

electron-renderer-CSP-sample

Running JS in electron renderers with CSP (https://stackoverflow.com/questions/58230686/run-non-inline-js-locally-in-electron)

References

https://github.com/electron/electron/blob/master/docs/tutorial/security.md#6-define-a-content-security-policy https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src

https://stackoverflow.com/a/42924000/12167785 (nonce- cryptographic number used once)

https://w3c.github.io/webappsec-csp/#external-hash ( Allowing external JavaScript via hashes) https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity (Subresource Integrity-SRI)
https://report-uri.com/home/hash (Script And Style Hasher)

Note: When generating the hash, don't include the <script> or <style> tags and note that capitalization and whitespace matter, including leading or trailing whitespace

About

Running JavaScript in electron renderers with CSP (https://stackoverflow.com/questions/58230686/run-non-inline-js-locally-in-electron)

Topics

electron renderer content-security-policy

Resources

Readme
Activity

Stars

9 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 2

  •  
  •  

Languages