11

In order to get jQuery to load and function correctly in a HTML page I was opening in Electron (formerly Atom Shell), I had to disable Node integration when creating the BrowserWindow in my main.js file.

Can someone please tell me what setting node-integration: false will keep me from being able to do that I would normally be able to do had I not disabled it?

Daniel A. White
  • 187,200
  • 47
  • 362
  • 445
Bryan
  • 2,205
  • 1
  • 23
  • 43

1 Answers1

6

Setting node-integration to false will disable node.js in the renderer process - i.e. your app can only do what a web browser will do. Instead of doing this, use Zepto.js which is compatible with Electron and has the same API.

Ana Betts
  • 73,868
  • 16
  • 141
  • 209
  • Thanks Paul for the answer. Unfortunately I cannot use Zepto.js at the point in time because Twitter Bootstrap isn't fully compatible with it (at least not until v4). I take your answer to mean doing things like `var ipc = require('ipc')` in the web page will no longer work with `node-integration: false`, correct? – Bryan Apr 25 '15 at 11:39
  • 2
    Correct, everything involving `require` is out the door. jQuery is probably easy enough to patch to get working, I would do that. This is a common occurrence with Electron, JS developers are used to "Either DOM _or_ require", and Electron is a DOM environment *with* require, and many libraries Get Confused. It's usually a 1-2 line fix though. – Ana Betts Apr 25 '15 at 23:21
  • 1
    Being new to node AND Electron, I am unsure what "node.js in the renderer process" means and I haven't found anything explaining it on the Electron documentation. Do you mean that the Electron modules available, like the module `electron` would not be available? How would one, in that case, talk to the main process? – Eric Majerus May 30 '16 at 23:52
  • If you load any dynamic content or render anything user provided this is really bad advice. In those cases you should definitely have the node-integration disabled, otherwise XSS vulnerability will let the attacker to do almost anything on your computer.. – FINDarkside Jun 19 '18 at 09:09
  • 2
    @EricMajerus it means that you can for example import `fs.readFileSync` and actually read the contents of the file on your local drive, from the renderer process. How cool is that? But I wonder about performance implications too, are there any @PaulBetts? – jayarjo Aug 04 '19 at 18:02
  • There are no performance implications, why would you think there would be? – Ana Betts Aug 05 '19 at 07:02