i18n(zh-cn): Add security overview page #3219
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
i18n
✅ Deploy Preview for tauri-v2 ready!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site configuration. |
xubeiyan
reviewed
Apr 3, 2025
|
|
||
| import { CardGrid, LinkCard } from '@astrojs/starlight/components'; | ||
|
|
||
| 本页面旨在解释 Tauri 设计和生态系统核心的高级概念和安全特性,这些特性默认情况下能让你、你的应用程序和用户更加安全。 |
There was a problem hiding this comment.
Suggested change
| 本页面旨在解释 Tauri 设计和生态系统核心的高级概念和安全特性,这些特性默认情况下能让你、你的应用程序和用户更加安全。 | |
| 本页面旨在解释 Tauri 设计和生态系统核心的高级概念和安全特性,这些特性默认情况下能让你和构建的应用程序以及它们的用户更加安全。 |
xubeiyan
reviewed
Apr 3, 2025
|
|
||
| 本页面旨在解释 Tauri 设计和生态系统核心的高级概念和安全特性,这些特性默认情况下能让你、你的应用程序和用户更加安全。 | ||
|
|
||
| 本页面还包括最佳实践建议、如何向我们报告漏洞,以及详细概念说明的参考。 |
There was a problem hiding this comment.
Suggested change
| 本页面还包括最佳实践建议、如何向我们报告漏洞,以及详细概念说明的参考。 | |
| 本页面还包括最佳实践建议,如何向我们报告漏洞,以及详细概念说明的参考。 |
There was a problem hiding this comment.
use comma(,) instead Chinese serial comma
xubeiyan
reviewed
Apr 3, 2025
| 对跨越边界传递的所有数据进行严格检查与明确定义,是防止信任边界违规的关键。 | ||
| 若这些边界间的数据传递缺乏访问控制,攻击者将极易通过此漏洞提升并滥用权限。 | ||
|
|
||
| [IPC层(进程间通信层)](/concept/inter-process-communication/) 作为两个信任组之间的通信桥梁,并确保信任边界不被破坏。 |
There was a problem hiding this comment.
Suggested change
| [IPC层(进程间通信层)](/concept/inter-process-communication/) 作为两个信任组之间的通信桥梁,并确保信任边界不被破坏。 | |
| [IPC 层(进程间通信层)](/zh-cn/concept/inter-process-communication/) 作为两个信任组之间的通信桥梁,并确保信任边界不被破坏。 |
xubeiyan
reviewed
Apr 3, 2025
| Tauri 的设计思路是依赖操作系统自带的 WebView 组件,而非将其捆绑到应用程序的二进制文件中。 | ||
|
|
||
| 这背后存在多重原因,但从安全角度来看,最关键的因素是: | ||
| 从发布WebView的安全补丁版本到实际部署至应用程序终端用户所需的平均耗时。 |
There was a problem hiding this comment.
Suggested change
| 从发布WebView的安全补丁版本到实际部署至应用程序终端用户所需的平均耗时。 | |
| 从发布 WebView 的安全补丁版本到实际部署至应用程序终端用户所需的平均耗时。 |
xubeiyan
reviewed
Apr 3, 2025
Comment on lines
+76
to
+77
| 我们观察到,WebView软件包维护者与操作系统软件包维护者平均修补并发布安全更新的WebView | ||
| 版本的速度,显著快于直接将WebView捆绑到应用程序中的开发者。 |
There was a problem hiding this comment.
Suggested change
| 我们观察到,WebView软件包维护者与操作系统软件包维护者平均修补并发布安全更新的WebView | |
| 版本的速度,显著快于直接将WebView捆绑到应用程序中的开发者。 | |
| 我们观察到,WebView 软件包维护者与操作系统软件包维护者平均修补并发布安全更新的 WebView 版本的速度,显著快于直接将 WebView 捆绑到应用程序中的开发者。 |
xubeiyan
reviewed
Apr 3, 2025
|
|
||
| Tauri 组织不仅维护 Tauri 主仓库,还提供其他工具与资源。为确保构建合理安全的多平台应用框架,我们在安全性和跨平台支持上投入了更多努力。 | ||
|
|
||
| 若需深入了解我们如何保障开发流程的安全性、您可参考或实施的安全措施、应用程序可能面临的已知威胁,以及我们未来的改进与强化计划,请查阅以下文档: |
There was a problem hiding this comment.
Suggested change
| 若需深入了解我们如何保障开发流程的安全性、您可参考或实施的安全措施、应用程序可能面临的已知威胁,以及我们未来的改进与强化计划,请查阅以下文档: | |
| 若需深入了解我们如何保障开发流程的安全性,您可参考或实施的安全措施,应用程序可能面临的已知威胁,以及我们未来的改进与强化计划,请查阅以下文档: |
xubeiyan
reviewed
Apr 3, 2025
Comment on lines
+99
to
+100
| 如果您认为 Tauri 或本组织其他代码库中的任何内容存在安全疑虑或漏洞, **请勿公开讨论或披露您的发现,** | ||
| 而应直接联系我们的安全团队。 |
There was a problem hiding this comment.
Suggested change
| 如果您认为 Tauri 或本组织其他代码库中的任何内容存在安全疑虑或漏洞, **请勿公开讨论或披露您的发现,** | |
| 而应直接联系我们的安全团队。 | |
| 如果您认为 Tauri 或本组织其他代码库中的任何内容存在安全疑虑或漏洞,**请勿公开讨论或披露您的发现**,而应直接联系我们的安全团队。 |
xubeiyan
reviewed
Apr 3, 2025
|
|
||
| {/* 我们建议的漏洞披露方式是通过受影响代码库的GitHub漏洞披露功能提交。虽然我们大多数代码库已启用该功能,但若您不确定,请通过Tauri主仓库提交报告。 */} | ||
| 我们建议的漏洞披露方式是通过受影响代码库的 [GitHub漏洞披露功能提交](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) | ||
| 虽然我们大多数代码库已启用该功能,但若您不确定,请通过 [Tauri仓库提交报告](https://github.com/tauri-apps/tauri/security/advisories/new)。 |
There was a problem hiding this comment.
Suggested change
| 虽然我们大多数代码库已启用该功能,但若您不确定,请通过 [Tauri仓库提交报告](https://github.com/tauri-apps/tauri/security/advisories/new)。 | |
| 虽然我们大多数代码库已启用该功能,但若您不确定,请通过 [Tauri 仓库提交报告](https://github.com/tauri-apps/tauri/security/advisories/new)。 |
xubeiyan
suggested changes
Apr 3, 2025
github-project-automation
bot
moved this from 🪵 Backlog
to 🏗️ In progress
in Documentation
xubeiyan
reviewed
Apr 3, 2025
| 而应直接联系我们的安全团队。 | ||
|
|
||
| {/* 我们建议的漏洞披露方式是通过受影响代码库的GitHub漏洞披露功能提交。虽然我们大多数代码库已启用该功能,但若您不确定,请通过Tauri主仓库提交报告。 */} | ||
| 我们建议的漏洞披露方式是通过受影响代码库的 [GitHub漏洞披露功能提交](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) |
There was a problem hiding this comment.
Suggested change
| 我们建议的漏洞披露方式是通过受影响代码库的 [GitHub漏洞披露功能提交](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) | |
| 我们建议的漏洞披露方式是通过受影响代码库的 [GitHub 漏洞披露功能提交](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) |
xubeiyan
suggested changes
Apr 3, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add Chinese translation to the security overview page.