XSS in Electron Apps: Risks, Tradeoffs, and Defenses
Electron gives web developers a fast path to desktop apps. That speed comes with a nasty tradeoff: an XSS bug in Electron can become a local code execution bug if you wire things carelessly. That’s the core difference from browser-only XSS. In a normal website, XSS usually means session theft, UI redressing, or data exfiltration. In Electron, XSS can cross the line into filesystem access, shell execution, credential theft, and full app compromise. ...