top | item 25333040

(no title)

oskarsv | 5 years ago

there are different levels of security for ElectronJS, some, like in this case are not enough.

I think it will take a long time before we can call ElectronJS secure. there are regular sandbox escapes and that is from what we know publicly

discuss

untog|5 years ago

The OP is asking for more detail than “not enough”, though:

“Can it escape the Chromium renderer sandbox? Or is that sandbox disabled?”

oskarsv|5 years ago

to simplify - no it’s not enabled

the real answer is more complicated as it is not necessarily a global setting and depends on what you call a “sandbox”

unknown|5 years ago

[deleted]