rspec/rules/S7074/javascript/rule.adoc

include::../summary.adoc[]

== Why is this an issue?

include::../rationale.adoc[]

include::../impact.adoc[]

== How to fix it

=== Code examples

To fix the `webSecurity` flag vulnerability in Electron applications, you need to ensure that the `webSecurity` property of `webPreferences` is not false. 
This will enforce security restrictions on web content loaded by your application. 
If the `webSecurity` flag is not explicitly set in your application, it is enabled by default.

==== Noncompliant code example

[source,javascript,diff-id=1,diff-type=noncompliant]
----
const { BrowserWindow } = require('electron');

let mainWindow = new BrowserWindow({
  webPreferences: {
    webSecurity: false // Noncompliant
  }
});
----

==== Compliant solution

[source,javascript,diff-id=1,diff-type=compliant]
----
const { BrowserWindow } = require('electron');

let mainWindow = new BrowserWindow({
  webPreferences: {
    webSecurity: true
  }
});
----

=== How does this work?

In the compliant example, `webSecurity` is explicitly enabled. 
It is also sufficient not to set this property, as it is enabled by default.

//=== Pitfalls

=== Going the extra mile

include::../common/extra-mile/csp.adoc[]

== Resources

include::../common/resources/docs.adoc[]

//=== Articles & blog posts
//=== Conference presentations
//=== Standards
//=== External coding guidelines
//=== Benchmarks

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

include::../highlighting.adoc[]

'''
== Comments And Links
(visible only on this page)

endif::env-github,rspecator-view[]