Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature Request]: Consistent use of Node's parser for URLs in examples in docs #33192

Open
3 tasks done
cchartmann opened this issue Mar 8, 2022 · 1 comment
Open
3 tasks done

Comments

@cchartmann
Copy link

@cchartmann cchartmann commented Mar 8, 2022

Preflight Checklist

Problem Description

In docs/tutorial/security at "13. Disable or limit navigation" it is recommended to use Node's parser for URLs.
https://github.com/electron/electron/blob/main/docs/tutorial/security.md#13-disable-or-limit-navigation

i suggest to follow this recommendation in "5. Handle session permission requests from remote content" so that users can copy the code there in their own code. At the moment forgetting that the trailing / is necessary would enable attackers to use URLs like "https://example.com.attacker.com".
https://github.com/electron/electron/blob/main/docs/tutorial/security.md#5-handle-session-permission-requests-from-remote-content

Proposed Solution

use Node's parser for URLs

Alternatives Considered

Additional Information

No response

@cchartmann cchartmann changed the title [Feature Request]: [Feature Request]: Consistent use of Node's parser for URLs in examples in docs Mar 8, 2022
@Shofiya2003
Copy link

@Shofiya2003 Shofiya2003 commented Mar 10, 2022

I would like to work on this issue. Is someone working on it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants