Disable "node integration" (technical)
dot-mike opened this issue · comments
"Node integration" is a flag you pass whenever you create a Browser Window. It determines if the scripts running in the browser window should have access to node.js's APIs (io, system etc.).
Note: This is not a security risk under current circumstances.
Line 370 in f878ab8
Ref. https://trello.com/c/BKlKbnjZ/100-disable-node-integration-technical
Can this feature break any plugins? Disabling node integration is nice because then plugins can't be malicious and rely on Node.JS APIs to modify stuff on the host computer (unless I misunderstood something about Electron?).
Do we have to rewrite the code base, or is this just a toggle thing?