Security in NW.js

Node and Normal Frames

There are two kinds of frames in NW.js: node frame and normal frame.

Node frames have following extra capabilities than normal frames:

  • Access Node.js / NW.js APIs
  • Access extended DOM features, such as save as dialog, nwUserAgent attribute etc.
  • Bypass all security restrictions, such as sandboxing, same origin policy etc. For example, you can make cross origin XHR to any remote sites, or access to <iframe> element whose src points to remote sites in node frames.

In NW.js, frames matching ALL of the following criterias will be a node frame: