encrypt0r icon indicating copy to clipboard operation
encrypt0r copied to clipboard
verified publisher icon kunalnagar

Electron.js Version Upgrade

Open masood opened this issue 2 years ago • 0 comments

Thank you for designing the encrypt0r Desktop Application and for making it available open source. The application uses an older version of Electron. The framework recommends that updated versions of the framework be used to take advantage of secure defaults and security fixes. [Link]

Additionally, while the app may need nodeIntegration=true and contextIsolation=false, it can be made more secure with the use of sandbox=true, which will be the default preference when upgraded to a newer version of Electron.js

Finally, the app can benefit from blocking all attempts to navigate away (will-navigate) and to open new windows (setWindowOpenHandler()) as a precautionary measure.

Platform(s) Affected: MacOS, Windows, Linux

— Mir Masood Ali, PhD student, University of Illinois at Chicago Mohammad Ghasemisharif, PhD Candidate, University of Illinois at Chicago Chris Kanich, Associate Professor, University of Illinois at Chicago Jason Polakis, Associate Professor, University of Illinois at Chicago

masood avatar Oct 25 '23 22:10 masood