- Go 66.2%
- JavaScript 11.9%
- HTML 10.5%
- Objective-C 4.2%
- NSIS 1.8%
- Other 5.4%
b97ca22a48
This commit addresses a critical security issue identified by CodeRabbit where the sudo flag-skipping logic could be bypassed to execute arbitrary commands (e.g., "sudo -u apt bash -c malicious_command"). Changes: - Add allowedCommands whitelist for package managers - Add allowedSudoCommands whitelist for commands after sudo/pkexec/doas - Implement isCommandAllowed() with secure validation that rejects any sudo invocation with flags before the command - Add comprehensive test cases including bypass attack scenarios The fix follows CodeRabbit's recommendation to not attempt parsing sudo flags, instead requiring the package manager to immediately follow the privilege escalation command. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> |
||
|---|---|---|
| .github | ||
| assets/images | ||
| docs | ||
| mkdocs-website/docs/en | ||
| scripts | ||
| v2 | ||
| v3 | ||
| website | ||
| .all-contributorsrc | ||
| .coderabbit.yaml | ||
| .gitignore | ||
| .prettierignore | ||
| .prettierrc.yml | ||
| AGENTS.md | ||
| CHANGELOG.md | ||
| CNAME | ||
| CONTRIBUTING.md | ||
| CONTRIBUTORS.md | ||
| IOS_ARCHITECTURE.md | ||
| LICENSE | ||
| qodana.yaml | ||
| README.de.md | ||
| README.es.md | ||
| README.fr.md | ||
| README.ja.md | ||
| README.ko.md | ||
| README.md | ||
| README.pt-br.md | ||
| README.ru.md | ||
| README.tr.md | ||
| README.uz.md | ||
| README.zh-Hans.md | ||
| SECURITY.md | ||
| Taskfile.yaml | ||
| test-changelog-extraction.sh | ||
| test-ios-compile.sh | ||
| test-version-logic.sh | ||
| test-workflow.md | ||
Build desktop applications using Go & Web Technologies.
Table of Contents
- Table of Contents
- Introduction
- Features
- Getting Started
- Sponsors
- FAQ
- Stargazers over time
- Contributors
- License
- Inspiration
Introduction
The traditional method of providing web interfaces to Go programs is via a built-in web server. Wails offers a different approach: it provides the ability to wrap both Go code and a web frontend into a single binary. Tools are provided to make this easy for you by handling project creation, compilation and bundling. All you have to do is get creative!
Features
- Use standard Go for the backend
- Use any frontend technology you are already familiar with to build your UI
- Quickly create rich frontends for your Go programs using pre-built templates
- Easily call Go methods from Javascript
- Auto-generated Typescript definitions for your Go structs and methods
- Native Dialogs & Menus
- Native Dark / Light mode support
- Supports modern translucency and "frosted window" effects
- Unified eventing system between Go and Javascript
- Powerful cli tool to quickly generate and build your projects
- Multiplatform
- Uses native rendering engines - no embedded browser!
Roadmap
The project roadmap may be found here. Please consult it before creating an enhancement request.
Getting Started
The installation instructions are on the official website.
Sponsors
This project is supported by these kind people / companies:
FAQ
-
Is this an alternative to Electron?
Depends on your requirements. It's designed to make it easy for Go programmers to make lightweight desktop applications or add a frontend to their existing applications. Wails does offer native elements such as menus and dialogs, so it could be considered a lightweight electron alternative.
-
Who is this project aimed at?
Go programmers who want to bundle an HTML/JS/CSS frontend with their applications, without resorting to creating a server and opening a browser to view it.
-
What's with the name?
When I saw WebView, I thought "What I really want is tooling around building a WebView app, a bit like Rails is to Ruby". So initially it was a play on words (Webview on Rails). It just so happened to also be a homophone of the English name for the Country I am from. So it stuck.
Stargazers over time
Contributors
The contributors list is getting too big for the readme! All the amazing people who have contributed to this project have their own page here.
License
Inspiration
This project was mainly coded to the following albums:
- Manic Street Preachers - Resistance Is Futile
- Manic Street Preachers - This Is My Truth, Tell Me Yours
- The Midnight - Endless Summer
- Gary Newman - Savage (Songs from a Broken World)
- Steve Vai - Passion & Warfare
- Ben Howard - Every Kingdom
- Ben Howard - Noonday Dream
- Adwaith - Melyn
- Gwidaith Hen Fran - Cedors Hen Wrach
- Metallica - Metallica
- Bloc Party - Silent Alarm
- Maxthor - Another World
- Alun Tan Lan - Y Distawrwydd