I'm wondering about security for this sort of thing. I guess it's like node.js in the sense that while you could load JavaScript code downloaded from the Internet at runtime, you probably shouldn't? Any additional gotchas due to the web view?
No real gotchas. JS is slightly dangerous because of JS, yes. You should never fetch things at runtime to execute if possible - instead, you install absolutely everything you need with npm or bun, and it gets inlined at build time
Electrobun ships with an RPC (I think it also does some encryption?) so as long as you use that to communicate between your webview and bun "host process" you should be safe.
The business logic of your app is running in the Main process using Bun runtime. The website you load or the app's frontend is running in a separate sandboxed Renderer process. When I run an Electrobun app on macOS, I see that it launches the following processes with the following RAM usage:
- views://mainview (33.7MB) <- your frontend is running here
- react-tailwind-vite-dev Networking (5.4MB)
- react-tailwind-vite-dev Graphics and Media (16.7MB)
- react-tailwind-vite-dev (60.7MB)