Security in NW.js
Node and Normal Frames
There are two kinds of frames in NW.js: node frame and normal frame.
Node frames have following extra capabilities than normal frames:
- Access Node.js / NW.js APIs
- Access extended DOM features, such as save as dialog, nwUserAgent attribute etc.
- Bypass all security restrictions, such as sandboxing, same origin policy etc. For example, you can make cross origin XHR to any remote sites, or access to
srcpoints to remote sites in node frames.
In NW.js, frames matching ALL of the following criterias will be a node frame:
truein manifest file
- URL of windows and frames matching
node-remotepatterns in manifest file or
- Frames or parent frames NOT having
- Frames or parent frames NOT in