[B! Electron] ama-chã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

ama-ch id:ama-ch

Electronã«é–¢ã™ã‚‹ama-chã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (4)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

React/Fluxãƒ™ãƒ¼ã‚¹ã®Electronã‚¢ãƒ—ãƒªã‚’ãƒªãƒ¢ãƒ¼ãƒˆãƒãƒ¼ãƒ ã§é–‹ç™ºã—ãŸè©±
FRONTEND CONFERENCE 2017 ã«ã¦ã€ - ãƒªãƒ¢ãƒ¼ãƒˆãƒãƒ¼ãƒ ã§ç¤¾å†…ãƒãƒƒã‚«ã‚½ãƒ³ã‚’ã‚„ã£ãŸã‚¨ãƒ”ã‚½ãƒ¼ãƒ‰ - ãã®æ™‚ã«ä½¿ã£ãŸãƒ•ãƒãƒ³ãƒˆæŠ€è¡“ã®ç´¹ä»‹ ã‚’ç™ºè¡¨ã—ãŸæ™‚ã®è³‡æ–™ã§ã™ã€‚
ama-ch 2017/03/25
flux

react

Electron

cybozu
ãƒªãƒ³ã‚¯
iframe sandbox ã¯ä¸‡èƒ½ã§ã¯ãªã„ - è‘‰ã£ã±æ—¥è¨˜
HTML5ã§å°Žå…¥ã•ã‚ŒãŸiframeè¦ç´ ã®sandboxå±žæ€§ã¯ã€ãã®iframeå†…ã®ã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã«å¯¾ã—JavaScriptã®å®Ÿè¡Œã‚’å§‹ã‚æ§˜ã€…ãªåˆ¶ç´„ã‚’èª²ã™ã“ã¨ã§ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã®å‘ä¸Šã«å½¹ç«‹ã¤æ©Ÿèƒ½ã§ã‚ã‚‹ã€‚ä¾‹ãˆã°ã€ä»¥ä¸‹ã®ã‚ˆã†ã«æŒ‡å®šã•ã‚ŒãŸiframeã§ã¯ã€iframeå†…ã‹ã‚‰formã®submitãªã©ã¯ã§ãã‚‹ãŒã€iframeå†…ã§ã®JavaScriptã®å®Ÿè¡Œã‚„target=_blankãªã©ã«ã‚ˆã£ã¦ã‚¦ã‚£ãƒ³ãƒ‰ã‚¦ã‚’é–‹ãã“ã¨ãªã©ã¯ç¦æ¢ã•ã‚Œã‚‹ã€‚ <iframe sandbox="allow-forms" src="..."></iframe> sandboxå±žæ€§ã«æ˜Žç¤ºçš„ã« allow-scripts ã¨ã„ã†å€¤ã‚’æŒ‡å®šã—ãªã„é™ã‚Šã¯iframeå†…ã§ã¯ç›´æŽ¥çš„ã«ã¯JavaScriptã¯å®Ÿè¡Œã§ããªã„ãŒã€ã‹ã¨ã„ã£ã¦iframeå†…ã‹ã‚‰é–“æŽ¥çš„ã«JavaScriptã‚’å¿…ãšã—ã‚‚å®Ÿè¡Œã•ã›ã‚‹ã“ã¨ãŒä¸å¯èƒ½ã‹ã¨ã„ã†ã¨ãã†ã§ã‚‚ãªã„ã€‚ sandboxå±žæ€§
ama-ch 2016/01/12
security

Electron

iframe
ãƒªãƒ³ã‚¯
Electronã§ã‚¢ãƒ—ãƒªã‚’æ›¸ãå ´åˆã¯ã€æ°—åˆã„ã¨æ ¹æ€§ã§XSSã‚’ç™ºç”Ÿã•ã›ãªã„ã‚ˆã†ã«ã—ãªã‘ã‚Œã°ãªã‚‰ãªã„ã€‚ - è‘‰ã£ã±æ—¥è¨˜
ãã®ã†ã¡ã‚‚ã†å°‘ã—ãã¡ã‚“ã¨æ›¸ãã¾ã™ãŒã€ã¨ã‚Šã‚ãˆãšæ™‚é–“ãŒãªã„ã®ã§çµè«–ã ã‘æ›¸ãã¨ã€ã‚¿ã‚¤ãƒˆãƒ«ãŒå…¨ã¦ã§Electronã§ã‚¢ãƒ—ãƒªã‚’æ›¸ãå ´åˆã¯æ°—åˆã„ã¨æ ¹æ€§ã§XSSã‚’ç™ºç”Ÿã•ã›ãªã„ã‚ˆã†ã«ã—ãªã‘ã‚Œã°ãªã‚‰ãªã„ã€‚ ã“ã‚Œã¾ã§Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ä¸Šã§XSSãŒå˜åœ¨ã—ãŸã¨ã—ã¦ã‚‚ã€å½±éŸ¿ç¯„å›²ã¯ãã®Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã®ä¸ã«ç•™ã¾ã‚‹ã®ã§ã€Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã®æä¾›å´ãŒãã‚Œã‚’è¨±å®¹ã™ã‚‹ã®ã§ã‚ã‚Œã°XSSã®å˜åœ¨ã«ç›®ã‚’ã¤ã‚€ã‚‹ã“ã¨ã‚‚ã§ããŸã€‚ã—ã‹ã—ã€Electronã‚¢ãƒ—ãƒªã§DOM-based XSSãŒä¸€ã‹æ‰€ã§ã‚‚ç™ºç”Ÿã™ã‚‹ã¨ã€(ãŠãã‚‰ã)ç¢ºå®Ÿã«ä»»æ„ã‚³ãƒ¼ãƒ‰å®Ÿè¡Œã¸ã¨ã¤ãªãŒã‚Šã€åˆ©ç”¨è€…ã®PCã®(ãã®ãƒ¦ãƒ¼ã‚¶ãƒ¼æ¨©é™ã§ã®)å…¨æ©Ÿèƒ½ãŒæ”»æ’ƒè€…ã«ã‚ˆã£ã¦åˆ©ç”¨ã§ãã‚‹ã€‚ ãã®ãŸã‚ã€Electronã§ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã‚’ä½œæˆã™ã‚‹é–‹ç™ºè€…ã¯æ°—åˆã„ã¨æ ¹æ€§ã§XSSã‚’å®Œå…¨ã«ã¤ã¶ã•ãªã‘ã‚Œã°ãªã‚‰ãªã„ã€‚ nodeIntegration:falseã‚„Content-Security-Pol
ama-ch 2015/12/26
Electron

xss

security
ãƒªãƒ³ã‚¯
NW.js & Electron Compared - TangibleJS
1. This results in a 30% performance hit. It is unclear if it is supported in version 0.13. 2. This is a very weak protection. Itâ€™s basically a TAR archive of all the project files. 3. On a MacBook Pro Retina running Mac OS X.5.5 (Yosem ite). Higher is better. 4. Unzipped.Â Depending on platform and architecture. See details in Jaredâ€™s comment below. 5. This can be done by using the â€œnode-mainâ€ inst
ama-ch 2015/10/16
node-webkit

Electron
ãƒªãƒ³ã‚¯
1