bacan | 3 years ago

In-App browsers have always been a security nightmare. Similar issues exist with Electron apps as well.

But developers continue to use them as HTML + CSS + JS is the easiest way to develop a graphical dynamic UI, for a newbie. Many schools & colleges even teach basic HTML, CSS & JS, so the barrier to entry is very low.

I am not sure what a good solution here would be, but maybe we could start by limiting access. Or another way could be to have some way to convert the rendered UI to compiled binary code.

xfitm3 | 3 years ago

Good callout on Electron apps; I try to avoid Electron as much as possible. I use Slack's web interface, for example.

I never made the connection until you brought it up, but yes, Electron apps are just like using WebKit on iOS. Abstracting UI/UX to a browser engine which has identical security pitfalls to a browser but with far less control and inspection capability.