Add Spec: Enhanced Security Mode #4647
Conversation
tdanielles
changed the title
| /// be set to Strict. | ||
| /// | ||
| /// | ||
| HRESULT GetEnhancedSecurityModeEnforceList( |
There was a problem hiding this comment.
We would normally use Get/Set methods like this to represent an array. It would probably be easier (at least in .NET / WinRT) to use a vector/collection here instead. That should be the mutable collection pattern (see the WebView2 API Patterns doc). In COM that's get_EnhancedSecurityModeEnforceList([out] ICoreWebView2StringCollection** value) - a getter only that returns a mutable collection of strings. In WinRT/MIDL3 this should be Vector EnhancedSecurityModeEnforceList { get; } and in .NET a string collection property.
| if (options.As(&optionsStaging9) == S_OK) | ||
| { | ||
| CHECK_FAILURE(optionsStaging9->put_IsEnhancedSecurityModeEnabled( | ||
| m_EnhancedSecurityModeEnabled ? TRUE : FALSE)); |
There was a problem hiding this comment.
The C# & C++ sample code needs to match in logic. The C# always sets the IsESMEnabled to a constant while this does not.
| { | ||
| CoreWebView2EnvironmentOptions options = new CoreWebView2EnvironmentOptions(); | ||
| // Disable IsEnhancedSecurityModeEnabled by default to reduce impact on performance | ||
| options.IsEnhancedSecurityModeEnabled = false; |
There was a problem hiding this comment.
We don't want to show sample code setting a property to its already default value because it implies that the default is the 'true' here even though its not.
| } | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
The sample code should show the end dev how to perform a real scenario they may want to do in their app and in the way we imagine the feature should be used. In this sample code it looks like you let the end user edit everything which makes it hard to tell how to use the feature especially hard to tell what the form is of the strings added to the ESM lists.
I would guess that one scenario for the feature is the feature is turned on, its set to strict, and a URI filter for some things that are trusted and known to have perf issues are added. I would think that's the sort of common / recommended case for this feature? If so, then a sample should do that.
No description provided.