no-electron-insecure-permission-request-handler

Disallow Electron permission request handlers that blanket-allow permissions.

Targeted pattern scope

Electron permission handlers that blanket-allow permission requests.

What this rule reports

setPermissionRequestHandler callbacks that unconditionally callback(true) or return true.

Why this rule exists

Blindly granting permissions can expose camera, microphone, clipboard, and notification abuse vectors.

❌ Incorrect

session.defaultSession.setPermissionRequestHandler(
 (wc, permission, callback) => {
  callback(true);
 }
);

✅ Correct

session.defaultSession.setPermissionRequestHandler(
 (wc, permission, callback) => {
  callback(permission === "notifications");
 }
);

ESLint flat config example

import sdl from "eslint-plugin-sdl-2";

export default [
 {
  plugins: { sdl },

  rules: {
   "sdl/no-electron-insecure-permission-request-handler": "error",
  },
 },
];

When not to use it

Disable only if the runtime has a reviewed permission policy that intentionally allows a constrained set of requests.

Package documentation

Rule source

Targeted pattern scope​

What this rule reports​

Why this rule exists​

❌ Incorrect​

✅ Correct​

ESLint flat config example​

When not to use it​

Package documentation​

Further reading​