plug a few electron-remote-related security holes.

dbadb · dbadb · commit 21f1fff39933 · 2020-06-16T13:08:23.000-07:00
diff --git a/_todo.md b/_todo.md
@@ -27,6 +27,11 @@
 
 #### logging
 
+#### filesystem
+
+* eliminate dependency on electron remote module.
+* migrate filebrowser to html File, etc..
+
 #### drawing/rendering
 
 * custom mouse cursors
diff --git a/src/app/app.js b/src/app/app.js
@@ -24,8 +24,6 @@ export default class ImguiApp
         this.runtime = (window.process && window.process.type) ? "electron" 
                         : (window.cordova) ? "cordova" : "browser";
         this.filesystem = new FileSystem(this.runtime);
-        this.fs = this.filesystem.fs;
-        this.path = this.filesystem.path;
         this.canvas = document.getElementById("AppCanvas");
         if(!this.canvas)
         {
diff --git a/src/app/filesystem.js b/src/app/filesystem.js
@@ -48,9 +48,15 @@ export class FileSystem
         if(runtime == "electron")
         {
             // we use window.require to trick webpack for electron
+            /* we don't want to use remote package since it's 
+             * deprecated.
+             */
+
+            /*
             let remote = window.require("electron").remote;
             this.fs = remote.require("fs");
             this.path = window.require("path"); 
+            */
             this.isWindows = navigator && 
                             (navigator.platform.indexOf("Win32") != -1);
         }

Original file line number	Diff line number	Diff line change
`@@ -24,8 +24,6 @@ export default class ImguiApp`
`24`	`24`	`this.runtime = (window.process && window.process.type) ? "electron"`
`25`	`25`	`: (window.cordova) ? "cordova" : "browser";`
`26`	`26`	`this.filesystem = new FileSystem(this.runtime);`
`27`		`- this.fs = this.filesystem.fs;`
`28`		`- this.path = this.filesystem.path;`
`29`	`27`	`this.canvas = document.getElementById("AppCanvas");`
`30`	`28`	`if(!this.canvas)`
`31`	`29`	`{`