I’m trying to move from node-webkit to atom-electron.
I have to insert user content in my app and interact with it, and avoid security issues.
In node-webkit; I used an iframe, which I inserted a script.js with the inject-js-start method. This allowed safe communication via window.postMessage(), and with node integration disabled it was completely safe to use.
Here in atom electron; I did not find a solution for this problem:
If I use a webview: It lets me inject a script, but avoids me any communication if I refuse to add node context in the webview …
If I use an iframe: There is no method for script injection, so I can’t communicate from the iframe to the main application.
Do anyone have an idea ? Informations to share ? A solution ? Thanks !