Skip to content
Critiq Docs

Search docs

Search documentation pages and rules

security.authentication

Validate IPC sender origins in Electron

Privileged ipcMain handlers should validate event.sender origins before acting.

#Metadata

Rule ID
ts.security.electron-missing-ipc-origin-check
Severity
high
Confidence
0.86
Languages
javascript, typescript
Presets
security, strict
Stability
stable
Applies to
block
Tags
electron, ipc, rules-catalog, security

#Why it matters

Missing origin checks let any loaded renderer invoke privileged main-process behavior.

#Remediation

Assert trusted origins or channels before running privileged logic and reject unexpected senders early.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/typescript/ts.security.electron-missing-ipc-origin-check.rule.yaml.

Back to directoryOpen rule in repository