
Implement context isolation in Electron

Open grctest opened this issue 2 years ago • 1 comments

Is your feature request related to a problem? Please describe.

We're not yet following Electron best practices fully. https://www.electronjs.org/docs/latest/tutorial/context-isolation

Describe the solution you'd like

https://github.com/bitshares/beet/blob/develop/src/background.js#L170
https://github.com/bitshares/beet/blob/develop/src/background.js#L251

Set nodeIntegration and enableRemoteModule to false, and contextIsolation to true.

Adapt renderer to request node/module functions/data through the ipcMain/ipcRenderer pipeline.

Describe alternatives you've considered

Exhaustively prevent XSS in the renderer.

Additional context

Latest BTS NFT Viewer has made these changes: https://github.com/BTS-CM/NFT_Viewer/releases/tag/v1.9.2

And the airdrop tool is about 98% of the way there: https://github.com/BTS-CM/airdrop_tool/tree/context_isolation

The background.js file is likely to significantly bloat due to inheriting code from the renderer.

This is likely a multi-thousand LOC feature request; however, it's worthwhile to make the wallet follow best practices.

grctest, Aug 29 '23 22:08
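
A sketch of the two changes requested above, added here as an example and not taken from the beet code base: a check that a window's webPreferences carry the three requested values, and a preload-side bridge that only forwards allowlisted IPC channels. The names auditWebPreferences, makeBridge, bridge and the getVersion channel are hypothetical, and the ipcRenderer object is passed in so the code runs without Electron.

```javascript
// Added example; auditWebPreferences, makeBridge and the channel names are hypothetical.

// The values the issue asks for in every BrowserWindow's webPreferences.
const REQUIRED = { nodeIntegration: false, enableRemoteModule: false, contextIsolation: true };

// Report each key that is not explicitly set to the required value. An unset
// key is reported too, so the result does not depend on Electron's defaults.
function auditWebPreferences(webPreferences = {}) {
  return Object.entries(REQUIRED)
    .filter(([key, wanted]) => webPreferences[key] !== wanted)
    .map(([key, wanted]) => `${key} should be ${wanted}, found ${webPreferences[key]}`);
}

// Preload side: the renderer receives only this frozen object. It forwards
// allowlisted channels to the main process and rejects everything else, so
// script injected into the page cannot reach arbitrary main-process handlers.
function makeBridge(ipcRenderer, allowedChannels) {
  const allowed = new Set(allowedChannels);
  return Object.freeze({
    invoke(channel, ...args) {
      if (!allowed.has(channel)) {
        return Promise.reject(new Error(`blocked IPC channel: ${channel}`));
      }
      return ipcRenderer.invoke(channel, ...args);
    },
  });
}

// Wiring in a real app (comments only, since Electron is not loaded here):
//   preload: contextBridge.exposeInMainWorld('bridge', makeBridge(ipcRenderer, ['getVersion']));
//   main:    ipcMain.handle('getVersion', () => app.getVersion());
//   page:    const version = await window.bridge.invoke('getVersion');

// Constructed sample: a window configured the way the issue wants to move away from.
const legacyPrefs = { nodeIntegration: true, enableRemoteModule: true, contextIsolation: false };
console.log(auditWebPreferences(legacyPrefs));
```

Each handler registered with ipcMain.handle still has to validate its own arguments, since the allowlist only limits which channels the page can reach.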

Fully implemented in: https://github.com/beetapp/beeteos

grctest, Mar 10 '24 01:03