undefined | Better HN

0 pointssmashed2y ago0 comments

> both electron shells. also come with their sandbox already.

Not sure about the 2 specific apps posted, but web applications packaged as electron apps often do so in order to easily escape the normal browser sandbox without having to prompt for permissions? Or even call into native code which would be impossible from a web app.

I would not think that because an app is electron based, it is sandboxed from your system.

Ideally if you can run the same app under your normal web browser, you'd be fine. I see many people install the Slack app for example, but the web version works just as well within the full browser sandbox.

0 comments

c-hendricks2y ago

You're correct. In fact, they can even let webpages break out of the sandbox. So, some random JS loaded from the web can now compromise your system.

The person you're replying to is quite mistaken.

j / k navigate · click thread line to collapse