security: do not expose electron API to services (#1964)

* security: do not expose electron API to services Service code running the the main world should not have access to any electron API. This still allows recipes from webview.js accessing these APIs through the @electron/remote module and/or the Ferdi object, but webview-unsafe.js and the untrusted code coming from the service will not have any access. Currently, no recipe accesses these APIs in its webview-unsafe.js, so the change should not break any recipes. * Expose electron API through the Ferdi object Instead of the unsafe window.ferdi in the main world, we should expose functionality to recipes through the RecipeWebview class. * Update CHANGELOG.md
author: Kristóf Marussy <kristof@marussy.com> 2021-09-19 00:38:19 +0200
committer: GitHub <noreply@github.com> 2021-09-19 00:38:19 +0200
commit: 40e007d6a4de9b4c0be49eb5f2d4f1706eaf801d (patch)
tree: f4b1a7f0ff2bf54b7d1b7bc1e050e2786fbfd219 /CHANGELOG.md
parent: chore: removed 'first-time-contributors' GH workflow since that is not workin... (diff)
download: ferdium-app-40e007d6a4de9b4c0be49eb5f2d4f1706eaf801d.tar.gz
ferdium-app-40e007d6a4de9b4c0be49eb5f2d4f1706eaf801d.tar.zst
ferdium-app-40e007d6a4de9b4c0be49eb5f2d4f1706eaf801d.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b7f60e651..7491c3932 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,8 @@
 ### Under the hood
 - Progressing towards converting the whole code base from JS to TS (#1959) 💖 @mhatvan
+- Fix accent color customization (#1963) (#1965) 💖 @kris7t
+- Improved context isolation for sandboxing services (#1964) 💖 @kris7t
 # [v5.6.3-nightly.4](https://github.com/getferdi/ferdi/compare/v5.6.3-nightly.3...v5.6.3-nightly.4) (2021-09-16)
author	Kristóf Marussy <kristof@marussy.com>	2021-09-19 00:38:19 +0200
committer	GitHub <noreply@github.com>	2021-09-19 00:38:19 +0200
commit	40e007d6a4de9b4c0be49eb5f2d4f1706eaf801d (patch)
tree	f4b1a7f0ff2bf54b7d1b7bc1e050e2786fbfd219 /CHANGELOG.md
parent	chore: removed 'first-time-contributors' GH workflow since that is not workin... (diff)
download	ferdium-app-40e007d6a4de9b4c0be49eb5f2d4f1706eaf801d.tar.gz ferdium-app-40e007d6a4de9b4c0be49eb5f2d4f1706eaf801d.tar.zst ferdium-app-40e007d6a4de9b4c0be49eb5f2d4f1706eaf801d.zip

diff --git a/CHANGELOG.md b/CHANGELOG.md index b7f60e651..7491c3932 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md
@@ -3,6 +3,8 @@
3	### Under the hood	3	### Under the hood
4		4
5	- Progressing towards converting the whole code base from JS to TS (#1959) 💖 @mhatvan	5	- Progressing towards converting the whole code base from JS to TS (#1959) 💖 @mhatvan
		6	- Fix accent color customization (#1963) (#1965) 💖 @kris7t
		7	- Improved context isolation for sandboxing services (#1964) 💖 @kris7t
6		8
7	# [v5.6.3-nightly.4](https://github.com/getferdi/ferdi/compare/v5.6.3-nightly.3...v5.6.3-nightly.4) (2021-09-16)	9	# [v5.6.3-nightly.4](https://github.com/getferdi/ferdi/compare/v5.6.3-nightly.3...v5.6.3-nightly.4) (2021-09-16)
8		10