In Electron's webview documentation, there is this warning:
Electron's webview tag is based on Chromium's webview, which is undergoing dramatic architectural changes. This impacts the stability of webviews, including rendering, navigation, and event routing. We currently recommend to not use the webview tag and to consider alternatives, like iframe, Electron's BrowserView, or an architecture that avoids embedded content altogether.
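It recommends against using webview, but alternatives such as iframe or BrowserView cannot satisfy my use case, while webview can. So I would like to know whether the warning above advises against using webview only because the API and architecture may change in the future, or whether there are any known security issues with webview right now. Overall, what I care about most is: is it safe (in terms of security) to use webview right now?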
Best answer
Answered at https://github.com/electron/electron/issues/18187.
Webviews run in a separate process and have node integration disabled by default, so there shouldn't be any major reason why they're less secure than the alternatives. You'll definitely want to use the webPreferences option to enable sandboxing, disable the remote module, enable context isolation, etc. (example for BrowserView).
However, there's a fair number of bugs in webviews right now, some recent examples:
Most of these aren't present in BrowserView, so you definitely want to use that instead if it's at all possible to do so.
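One way to apply the webPreferences hardening the answer describes to every webview, using Electron's `will-attach-webview` event in the main process. This is an added example, not code from the original answer or from the Electron project; the `hardenWebview` helper and the `ALLOWED_ORIGINS` allowlist are assumptions made for illustration.

```javascript
// Added example: enforce hardened settings on every <webview> before it attaches.
// ALLOWED_ORIGINS is a constructed placeholder; list the origins your app embeds.
const ALLOWED_ORIGINS = new Set(['https://example.com']);

// Hypothetical helper. Mutates the webPreferences Electron is about to apply to
// the guest page and returns true if the attach may proceed, false to block it.
function hardenWebview(webPreferences, params) {
  // Ignore any preload script requested through the tag's attributes.
  delete webPreferences.preload;

  // Settings named in the answer: no Node integration, sandboxing,
  // context isolation, remote module off.
  webPreferences.nodeIntegration = false;
  webPreferences.sandbox = true;
  webPreferences.contextIsolation = true;
  // Only meaningful on Electron versions that still ship the remote module.
  webPreferences.enableRemoteModule = false;

  // Compare the parsed origin, not a string prefix, so that a host such as
  // example.com.attacker.test does not pass the check.
  let url;
  try {
    url = new URL(params.src);
  } catch {
    return false; // missing or malformed src: refuse to attach
  }
  return ALLOWED_ORIGINS.has(url.origin);
}

// Wiring, active only when this file runs in Electron's main process.
if (process.versions.electron) {
  const { app } = require('electron');
  app.on('web-contents-created', (_event, contents) => {
    contents.on('will-attach-webview', (event, webPreferences, params) => {
      if (!hardenWebview(webPreferences, params)) {
        event.preventDefault(); // the webview is never created
      }
    });
  });
}
```

Because the hook runs in the main process, it holds even if the embedding page sets `nodeintegration` or `preload` attributes on the tag itself.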
Regarding security - Is it safe to use the webview tag in Electron?, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/55805938/