Spelled out more limitations to the webview

CHANGELOG.md

@@ -6,7 +6,9 @@
 Reviewed security with:
 * [Electron Security](https://www.electronjs.org/docs/tutorial/security)
 * [Doyensec Electron Security Checklist](https://doyensec.com/resources/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security-wp.pdf)
+* [Doyensec Electronegativity](https://github.com/doyensec/electronegativity)
 * [Quasar Electron Security Concerns](https://quasar.dev/quasar-cli/developing-electron-apps/electron-security-concerns)
+* [Reasonably Secure Electron](https://know.bishopfox.com/research/reasonably-secure-electron)
 * [SNYK.io](https://snyk.io/) vulnerability scan [![Known Vulnerabilities](https://snyk.io/test/github/mrstallion/fchat-rising/badge.svg)](https://snyk.io/test/github/mrstallion/fchat-rising)
 
 

chat/preview/ImagePreview.vue

@@ -13,7 +13,7 @@
         <webview
             preload="./preview/assets/browser.pre.js"
             src="about:blank"
-            webpreferences="autoplayPolicy=no-user-gesture-required,contextIsolation,sandbox,disableDialogs,disableHtmlFullScreenWindowResize,enableWebSQL=no,nodeIntegration=no"
+            webpreferences="autoplayPolicy=no-user-gesture-required,contextIsolation,sandbox,disableDialogs,disableHtmlFullScreenWindowResize,webSecurity,enableWebSQL=no,nodeIntegration=no,nativeWindowOpen=no,nodeIntegrationInWorker=no,nodeIntegrationInSubFrames=no,webviewTag=no"
             enableremotemodule="false"
             allowpopups="false"
             nodeIntegration="false"

electron/main.ts

@@ -290,6 +290,7 @@ function showPatchNotes(): void {
     electron.shell.openExternal('https://github.com/mrstallion/fchat-rising/blob/master/CHANGELOG.md'); //tslint:disable-line:no-floating-promises
 }
 
+
 function onReady(): void {
     log.transports.file.level = 'debug';
     log.transports.console.level = 'debug';