Update 'readme.md'
This commit is contained in:
parent
6fff5c3cb8
commit
210e13021d
14
readme.md
14
readme.md
|
@ -60,17 +60,17 @@ debian, other
|
||||||
- Obviously, executing arbitrary Javascript from around the web is never going
|
- Obviously, executing arbitrary Javascript from around the web is never going
|
||||||
to be completely safe, however the following steps have been taken to ensure
|
to be completely safe, however the following steps have been taken to ensure
|
||||||
the saftey of the host machine:
|
the saftey of the host machine:
|
||||||
- All websites have a maximum time in which they have to load their
|
- All websites have a maximum time in which they have to load their
|
||||||
content (default 2s) and execute any scripts (default 2s)
|
content (default 2s) and execute any scripts (default 2s)
|
||||||
- When running outside of a Docker container, all renderer processes
|
- When running outside of a Docker container, all renderer processes
|
||||||
will be run inside the Chromium sandbox
|
will be run inside the Chromium sandbox
|
||||||
(https://github.com/chromium/chromium/blob/master/docs/linux/sandboxing.md)
|
(https://github.com/chromium/chromium/blob/master/docs/linux/sandboxing.md)
|
||||||
- When running inside of a Docker container, the entire program is
|
- When running inside of a Docker container, the entire program is
|
||||||
running inside a Docker container (as an unprivileged user).
|
running inside a Docker container (as an unprivileged user).
|
||||||
- Nodejs integration is disabled in all renderer processes
|
- Nodejs integration is disabled in all renderer processes
|
||||||
- Context isolation is enabled in all reneder processes
|
- Context isolation is enabled in all reneder processes
|
||||||
- Any request for browser permissions is automatically denied
|
- Any request for browser permissions is automatically denied
|
||||||
- Any request to create a new window is automatically denied
|
- Any request to create a new window is automatically denied
|
||||||
- Essentially, in theory, the machine hosting hellgate should not be at any
|
- Essentially, in theory, the machine hosting hellgate should not be at any
|
||||||
more risk than a regular web broser. However, security vulnerabilities
|
more risk than a regular web broser. However, security vulnerabilities
|
||||||
exists, and no software is perfect, not Docker, not Chromium, not Linux not
|
exists, and no software is perfect, not Docker, not Chromium, not Linux not
|
||||||
|
|
Loading…
Reference in New Issue