
I made an app that reads files and displays them.

I read in the docs that I should disable node integration and enable context isolation for better security, and I also get a warning that Electron will disable node integration by default and enable context isolation in 5.0.0.

EDIT: When node is disabled I get an error: require is not defined. My files are all required in HTML inside a <script>.

I should also mention that I'm new to Electron.

How can I use my files with node integration disabled?

Rozwan
  • This only applies to the render thread. You can still do whatever you want in the main thread and communicate with it through IPC. – tkausl Jan 31 '19 at 21:32

1 Answer


How can I use my files with node integration disabled?

If your files require Node, then you can't. Turn node integration on.


You should disable node integration only if you don't need Node, since disabling it will reduce the attack surface. See also the principle of least privilege.

If you need to use require in your script, then don't disable Node integration.

That being said, you can disable node integration and supply a preload script to your webview tag, which will let you expose specific Node APIs to that script only. (If you need to require modules in your file though, it sounds like you'd need to keep Node enabled).

Electron's Security page says the following (emphasis added):

Under no circumstances should you load and execute remote code with Node.js integration enabled. Instead, use only local files (packaged together with your application) to execute Node.js code. To display remote content, use the <webview> tag and make sure to disable the nodeIntegration.

Note: you should disable Node for remote content. If you're loading your own page, then it's fine to keep Node integration on.

pushkin
  • I'm making a file browser, so I don't use any other websites nor internet connection, then everything is ok right? – Rozwan Feb 01 '19 at 09:02
  • Yeah if you're not hosting any remote content, and it's all contained within your app, you should be good – pushkin Feb 01 '19 at 15:20
  • I provide a little more info about using contextIsolation etc here: https://stackoverflow.com/a/57656281/289203 – Luke H Nov 15 '19 at 00:02