rspec/rules/S7071/javascript/rule.adoc

== Why is this an issue?

include::../rationale.adoc[]

include::../impact.adoc[]

== How to fix it

=== Code examples

==== Noncompliant code example

Setting the `sandbox` property of `webPreferences` to false or setting 
`nodeIntegration` to true will result in a configuration that will not be sandboxed.

[source,javascript,diff-id=1,diff-type=noncompliant]
----
const win = new BrowserWindow({
    webPreferences: {
        sandbox: false // Noncompliant
    }
})
----

[source,javascript,diff-id=2,diff-type=noncompliant]
----
const win = new BrowserWindow({
    webPreferences: {
        nodeIntegration: true // Noncompliant
    }
})
----

==== Compliant solution

[source,javascript,diff-id=1,diff-type=compliant]
----
const win = new BrowserWindow({
    webPreferences: {
        sandbox: true
    }
})
----

[source,javascript,diff-id=2,diff-type=compliant]
----
const win = new BrowserWindow({
    webPreferences: {
        nodeIntegration: false
    }
})
----

=== How does this work?

In the compliant examples `sandbox` or `nodeIntegration` are explicitly 
set to their secure value. It is also sufficient to not set any of these 
properties since they will default to secure values.

//=== Pitfalls

//=== Going the extra mile


== Resources

include::../common/resources/docs.adoc[]

//=== Articles & blog posts
//=== Conference presentations
//=== Standards
//=== External coding guidelines
//=== Benchmarks


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

=== Highlighting
Highlight the new BrowserWindow() call.

'''
== Comments And Links
(visible only on this page)

endif::env-github,rspecator-view[]