Really, Ben? It will be exploited once - and you have XSS... but with OS access as a sweet bonus. I do not understand how ppl do not think about security of frameworks in the first place.
I'm not necessarily speaking about the concept of touch-screen-oriented dev tools.
Yes, Electron brings resource management and security concerns. I see it more as proof of concept in a way.
It has been actively exploited in security-oriented messaging apps like Signal Desktop. So it has a history of ab(using) this PoC. And I'm not really sure that most people who download random plugins with 0 history of security audits to their Electron-based editors have their environments sandboxed for the sake of a potential incident.