Y
Hacker News
new
|
ask
|
show
|
jobs
by
aegarbutt
2966 days ago
In Electron, all file:/// URIs share an origin. Using `script-src: 'self'` isn't much of a boundary.
1 comments
f2n
2966 days ago
So let's say I'm able to run HTML in Signal Desktop. How do I include an arbitrary script without getting the user to download the script first?
link
aegarbutt
2966 days ago
If I remember correctly, on Windows you can reference file://<IP-Address>/path/to/file
Thanks SMB / UNC Paths.
link
aegarbutt
2966 days ago
For reference:
https://github.com/electron/electron/issues/5151
link