Enable `contextIsolation` in Electron to securely expose a limited set
of Node.js APIs to the renderer process. It:
1. Isolates renderer and main process contexts. It ensures that the
powerful main process functions aren't directly accessible from
renderer process(es), adding a security boundary.
2. Mitigates remote exploitation risks. By isolating contexts, potential
malicious code injections in the renderer can't directly reach and
compromise the main process.
3. Reduces attack surface.
4. Protect against prototype pollution: It prevents tampering of
JavaScript object prototypes in one context from affecting another
context, improving app reliability and security.
Supporting changes include:
- Extract environment and system operations classes to the infrastructure
layer. This removes node dependencies from core domain and application
code.
- Introduce `ISystemOperations` to encapsulate OS interactions. Use it
from `CodeRunner` to isolate node API usage.
- Add a preloader script to inject validated environment variables into
renderer context. This keeps Electron integration details
encapsulated.
- Add new sanity check to fail fast on issues with preloader injected
variables.
- Improve test coverage of runtime sanity checks and environment
components. Move validation logic into separate classes for Single
Responsibility.
- Improve absent value test case generation.
- Fix a bug (introduced in 1b9be8fe) preventing the tree view from being
visible during a search.
- Fix a minor bug where the scripts view does not render based on the
initial filter.
- Add Vue component tests for `TheScriptView` to prevent regressions.
- Refactor `isSearching` in `TheScriptView` to simplify its logic.
- Switch from deprecated Vue CLI plugin to `electron-vite` (see
nklayman/vue-cli-plugin-electron-builder#1982)
- Update main/preload scripts to use `index.cjs` filenames to support
`"type": "module"`, resolving crash issue (#233). This crash was
related to Electron not supporting ESM (see electron/asar#249,
electron/electron#21457).
- This commit completes migration to Vite from Vue CLI (#230).
Structure changes:
- Introduce separate folders for Electron's main and preload processes.
- Move TypeHelpers to `src/` to mark tit as accessible by the rest of
the code.
Config changes:
- Make `vite.config.ts` reusable by Electron configuration.
- On electron-builder, use `--publish` flag instead of `-p` for clarity.
Tests:
- Add log for preload script loading verification.
- Implement runtime environment sanity checks.
- Enhance logging in `check-desktop-runtime-errors`.
As part of transition to Vue 3.0 and Vite (#230), this commit
facilitates the shift towards building rest of the application using
Vite. By doing so, it eliminates reliance on outdated Electron building
system that offered limited control, blocking desktop builds (#233).
Changes include:
- Introduce Vite with Vue 2.0 plugin for test execution.
- Remove `mocha`, `chai` and other related dependencies.
- Adjust test to Vitest syntax.
- Revise and update `tests.md` to document the changes.
- Add `@modyfi/vite-plugin-yaml` plugin to be able to use yaml file
depended logic on test files, replacing previous webpack behavior.
- Fix failing tests that are revealed by Vitest due to unhandled errors
and lack of assertments.
- Remove the test that depends on Vue CLI populating `process.env`.
- Use `jsdom` for unit test environment, adding it to dependency to
`package.json` as project now depends on it and it was not specified
even though `package-lock.json` included it.
- Remove existing integration tests for hooks as they're redundant after
this change.
- Document the pattern in relevant documentation.
- Introduce `useEnvironment` to increase testability.
- Update components to inject dependencies rather than importing hooks
directly.
This commits fixes an issue where the `REVERT` label on revert toggle
might render as `REVER` or in a similarly clipped manner due to its
fixed width. The problem is visible when certain fonts fail to load or
browser engines render content non-standardly.
Changes:
- Refactor UI component to have its own separate Vue component with unit
tests.
- Rework component design to utilize flexbox, enhancing its adaptability
and simplifying the structure.
- Remove obselete `webkit` directives.
- Refactor SCSS for clearer structure and better SCSS best-practices.
- Use `em` when possible instead of `px` for improved responsiveness.
Introduce a brand new lightweight and efficient modal component. It is
designed to be visually similar to the previous one to not introduce a
change in feel of the application in a patch release, but behind the
scenes it features:
- Enhanced application speed and reduced bundle size.
- New flexbox-driven layout, eliminating JS calculations.
- Composition API ready for Vue 3.0 #230.
Other changes:
- Adopt idiomatic Vue via `v-modal` binding.
- Add unit tests for both the modal and dialog.
- Remove `vue-js-modal` dependency in favor of the new implementation.
- Adjust modal shadow color to better match theme.
- Add `@vue/test-utils` for unit testing.
- Migrate `StatefulVue`:
- Introduce `UseCollectionState` that replaces its behavior and acts
as a shared state store.
- Add more encapsulated, granular functions based on read or write
access to state in CollectionState.
- Some linting rules get activates due to new code-base compability to
modern parses, fix linting errors.
- Rename Dialog to ModalDialog as after refactoring,
eslintvue/no-reserved-component-names does not allow name Dialog.
- To comply with `vue/multi-word-component-names`, rename:
- `Code` -> `CodeInstruction`
- `Handle` -> `SliderHandle`
- `Documentable` -> `DocumentableNode`
- `Node` -> `NodeContent`
- `INode` -> `INodeContent`
- `Responsive` -> `SizeObserver`
- Remove `vue-property-decorator` and `vue-class-component`
dependencies.
- Refactor `watch` with computed properties when possible for cleaner
code.
- Introduce `UseApplication` to reduce repeated code in new components
that use `computed` more heavily than before.
- Change TypeScript target to `es2017` to allow top level async calls
for getting application context/state/instance to simplify the code by
removing async calls. However, mocha (unit and integration) tests do
not run with top level awaits, so a workaround is used.
All outbound links now include `rel="noopener noreferrer"` attribute.
This security improvement prevents the new page from being able to
access the `window.opener` property and ensures it runs in a separate
process.
`rel="noopener"`:
When a new page is opened using `target="_blank"`, the new page runs
on the same process as the originating page, and has a reference to
the originating page `window.opener`. By implementing
`rel="noopener"`, the new page is prevented to use `window.opener`
property.
It's security issue because the newly opened website could
potentially redirect the page to a malicious URL. Even though
privacy.sexy doesn't have any sensitive information to protect, this
can still be a vector for phishing attacks.
`rel="noreferrer"`:
It implies features of `noopener`, and also prevents `Referer` header
from being sent to the new page. Referer headers may include
sensitive data, because they tell the new page the URL of the page
the request is coming from.
- Simplify alternatives to run the script.
- Change style of code parts to be easier to the eye:
- Use the same font size as other texts in body.
- Add vertical padding.
- Align the contents (the code, copy button and dollar sign) in the
middle.
- Align information icon to center of context next to it.
- Fix minor typos and punctations.
- Refactor instruction list to be more generic to able to be used by
other operating systems.
- Make dialogs scrollable so instruction list on smaller screens can be
read until the end.
Rework documentation URLs as inline markdown.
Redesign documentations with markdown text.
Redesign way to document scripts/categories and present the
documentation.
Documentation is showed in an expandable box instead of tooltip. This is
to allow writing longer documentation (tooltips are meant to be used for
short text) and have better experience on mobile.
If a node (script/category) has documentation it's now shown with single
information icon (ℹ) aligned to right.
Add support for rendering documentation as markdown. It automatically
converts plain URLs to URLs with display names (e.g.
https://docs.microsoft.com/..) will be rendered automatically like
"docs.microsoft.com - Windows 11 Privacy...".
- Unify test data for nonexistence of an object/string and collection.
- Introduce more test through adding missing test data to existing tests.
- Improve logic for checking absence of values to match tests.
- Add missing tests for absent value validation.
- Update documentation to include shared test functionality.
- Use function abstractions (such as map, reduce, filter etc.) over
for-of loops to gain benefits of having less side effects and easier
readability.
- Enable `downLevelIterations` for writing modern code with lazy evaluation.
- Refactor for of loops to named abstractions to clearly express their
intentions without needing to analyse the loop itself.
- Add missing cases for changes that had no tests.
Major refactoring using ESLint with rules from AirBnb and Vue.
Enable most of the ESLint rules and do necessary linting in the code.
Also add more information for rules that are disabled to describe what
they are and why they are disabled.
Allow logging (`console.log`) in test files, and in development mode
(e.g. when working with `npm run serve`), but disable it when
environment is production (as pre-configured by Vue). Also add flag
(`--mode production`) in `lint:eslint` command so production linting is
executed earlier in lifecycle.
Disable rules that requires a separate work. Such as ESLint rules that
are broken in TypeScript: no-useless-constructor (eslint/eslint#14118)
and no-shadow (eslint/eslint#13014).
TSLint deprecated and is being replaced by ESLint.
Add Vue CLI plugin (@vue/cli-plugin-eslint) using:
`vue add @vue/cli-plugin-eslint`. It also adds `.eslintrc.js` manually
for Cypress since Vue CLI for ESLint misses it (vuejs/vue-cli#6892).
Also rename `npm run lint:vue` to `npm run lint:eslint` for better
clarification.
This commit disables all rules that the current code is not compliant
with. This allows for enabling them gradually and separating commits
instead of mixing ESLint introduction with other code changes.
AirBnb is chosen as base configuration.
"Standard" is not chosen due to its poor defaults. It makes code cleaner
but harder to maintain:
- It converts interfaces to types which is harder to read.
- Removes semicolons that helps to eliminate some ambigious code.
"Airbnb" on the other hand helps for easier future changes and
maintinability:
- Includes more useful rules.
- Keeps the semicolons and interfaces.
- Enforces trailing commas that makes it easier to delete lines later on.
- Delete branches: standard, prettier.
1. *Grouping* becomes *view*. Because *view* is more clear and extensible than *grouping*. It increases flexibility to extend by e.g. adding *flat* as a new view as discussed in #50, in this case "flat *view*" would make more sense than "flat *grouping*".
2. *None* becomes *tree*. Because *tree* is more descriptive than *none*.
Updates labels on top menu. As labels are updated, the file structure/names are refactored to follow the same concept. `TheScriptsList` is renamed to `TheScriptsView`. Also refactors `ViewChanger` so view types are presented in same way.
Reverting any single of the scripts from standard recommendation pool
shows "Standard" selection as selected which is wrong. This commit fixes
it, refactors selection handling in a separate class and it also adds
missing tests. It removes UserSelection.totalSelected propertty in favor of using
UserSelection.selectedScripts.length to provide unified way of accessing
the information.
Alias would remove unnecessary repetitions and less relative paths make changes easier when moving around files. This commit cleans also up some relative paths ('../../../') by using the alias and orders imports. It updates both path alias in tsconfig and module alias in Vue CLI's bundler (vuejs/vue-cli#2398).
- Move most GUI related code to /presentation
- Move components to /components (separate from bootstrap and style)
- Move shared components helpers to /components/shared
- Rename Bootstrapping to bootstrapping to enforce same naming
convention in /presentation
