Open
Description
Is your feature request related to a problem? Please describe.
Electron best practices talk about implementing validation of IPC messages; however, they do not provide a standardised method of doing so.
It's possible that an advanced XSS could trigger IPC invocations, so checking that they were triggered from the right location and appropriately would further harden security from theoretical attacks.
Describe the solution you'd like
Upon IPC main invocation (from ipcRenderer invoke to ipcMain handle), verify that the request is legitimate.
Describe alternatives you've considered
Take additional steps to harden the app against theoretical XSS, reducing the need for IPC message validation.
Additional context
Related electron issue: electron/electron#33517
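
One way the requested check could look, as an added example that is not part of the original issue or the project's code: a wrapper for `ipcMain.handle` callbacks that rejects calls whose `event.senderFrame` URL is not on an allowlist or whose arguments fail a per-channel check. The origin `app://bundle`, the channel name `settings:read` and the helper names are assumptions.

```javascript
// Added example: sender and argument validation for ipcMain.handle callbacks.
// ALLOWED_ORIGINS is an assumed allowlist; replace it with the app's real origin.
const ALLOWED_ORIGINS = new Set(['app://bundle']);

// True only when the calling frame's URL parses and its scheme + host match exactly.
function isTrustedSender(frame, allowed = ALLOWED_ORIGINS) {
  if (!frame || typeof frame.url !== 'string') return false; // frame missing or destroyed
  let parsed;
  try {
    parsed = new URL(frame.url);
  } catch {
    return false; // unparsable URL is never trusted
  }
  // Build the origin by hand: URL.origin is "null" for custom schemes such as app://.
  // Never compare with startsWith/includes on the raw string.
  return allowed.has(`${parsed.protocol}//${parsed.host}`);
}

// Wrap a handler so it runs only for a trusted sender with well-formed arguments.
// validateArgs is a hypothetical per-channel predicate over the argument array.
function guarded(handler, validateArgs = () => true, allowed = ALLOWED_ORIGINS) {
  return (event, ...args) => {
    if (!isTrustedSender(event.senderFrame, allowed)) {
      throw new Error('IPC rejected: untrusted sender');
    }
    if (!validateArgs(args)) {
      throw new Error('IPC rejected: invalid arguments');
    }
    return handler(event, ...args);
  };
}

// Wiring inside an Electron main process (hypothetical channel name):
//   ipcMain.handle('settings:read', guarded(readSetting, oneKnownKey));
const KNOWN_KEYS = new Set(['theme', 'language']); // constructed sample keys
const oneKnownKey = (args) => args.length === 1 && KNOWN_KEYS.has(args[0]);
const readSetting = (_event, key) => `value-of-${key}`;

// Constructed sample events standing in for IpcMainInvokeEvent objects.
const sampleHandler = guarded(readSetting, oneKnownKey);
function tryCall(url, ...args) {
  try {
    return sampleHandler({ senderFrame: { url } }, ...args);
  } catch (err) {
    return err.message;
  }
}
```

A throw inside the wrapped handler reaches the renderer as a rejected `invoke` promise, so the renderer side needs no extra protocol to learn the call was refused.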