undefined | Better HN

0 pointssigzero8y ago0 comments

"As long as you don't load untrusted code or content..."

Because end users are soooo good at that?

0 comments

They're referring to the application developer.

If the developer uses Electron only to open the application's own html files and doesn't render user-provided HTML anywhere, then there won't be any XSS vulnerabilities.

j / k navigate · click thread line to collapse

0 pointssigzero8y ago0 comments

"As long as you don't load untrusted code or content..."

Because end users are soooo good at that?

0 comments

AgentME8y ago

They're referring to the application developer.

If the developer uses Electron only to open the application's own html files and doesn't render user-provided HTML anywhere, then there won't be any XSS vulnerabilities.

j / k navigate · click thread line to collapse