2024-10-03 22:21:54 +00:00
|
|
|
import { app, BrowserWindow, ipcMain } from 'electron/main';
|
|
|
|
|
2019-08-28 20:55:01 +00:00
|
|
|
import { expect } from 'chai';
|
2024-10-03 22:21:54 +00:00
|
|
|
|
|
|
|
import { once } from 'node:events';
|
2023-06-15 14:42:27 +00:00
|
|
|
import * as http from 'node:http';
|
2024-10-03 22:21:54 +00:00
|
|
|
import * as path from 'node:path';
|
|
|
|
|
2023-02-23 23:53:53 +00:00
|
|
|
import { emittedNTimes } from './lib/events-helpers';
|
2023-02-20 11:30:57 +00:00
|
|
|
import { ifdescribe, listen } from './lib/spec-helpers';
|
2024-10-03 22:21:54 +00:00
|
|
|
import { closeWindow } from './lib/window-helpers';
|
2019-01-22 19:24:46 +00:00
|
|
|
|
|
|
|
describe('renderer nodeIntegrationInSubFrames', () => {
|
2019-08-28 20:55:01 +00:00
|
|
|
const generateTests = (description: string, webPreferences: any) => {
|
2019-03-07 22:46:57 +00:00
|
|
|
describe(description, () => {
|
2019-03-15 17:39:20 +00:00
|
|
|
const fixtureSuffix = webPreferences.webviewTag ? '-webview' : '';
|
2019-08-28 20:55:01 +00:00
|
|
|
let w: BrowserWindow;
|
2019-01-22 19:24:46 +00:00
|
|
|
|
|
|
|
beforeEach(async () => {
|
|
|
|
await closeWindow(w);
|
|
|
|
w = new BrowserWindow({
|
|
|
|
show: false,
|
|
|
|
width: 400,
|
|
|
|
height: 400,
|
2019-03-15 17:39:20 +00:00
|
|
|
webPreferences
|
2019-01-22 19:24:46 +00:00
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2019-08-28 20:55:01 +00:00
|
|
|
afterEach(async () => {
|
|
|
|
await closeWindow(w);
|
|
|
|
w = null as unknown as BrowserWindow;
|
2019-01-22 19:24:46 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
it('should load preload scripts in top level iframes', async () => {
|
2019-06-24 18:41:20 +00:00
|
|
|
const detailsPromise = emittedNTimes(ipcMain, 'preload-ran', 2);
|
2019-03-15 17:39:20 +00:00
|
|
|
w.loadFile(path.resolve(__dirname, `fixtures/sub-frames/frame-container${fixtureSuffix}.html`));
|
2019-01-22 19:24:46 +00:00
|
|
|
const [event1, event2] = await detailsPromise;
|
|
|
|
expect(event1[0].frameId).to.not.equal(event2[0].frameId);
|
|
|
|
expect(event1[0].frameId).to.equal(event1[2]);
|
|
|
|
expect(event2[0].frameId).to.equal(event2[2]);
|
2020-12-09 23:34:06 +00:00
|
|
|
expect(event1[0].senderFrame.routingId).to.equal(event1[2]);
|
|
|
|
expect(event2[0].senderFrame.routingId).to.equal(event2[2]);
|
2019-01-22 19:24:46 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
it('should load preload scripts in nested iframes', async () => {
|
2019-06-24 18:41:20 +00:00
|
|
|
const detailsPromise = emittedNTimes(ipcMain, 'preload-ran', 3);
|
2019-03-15 17:39:20 +00:00
|
|
|
w.loadFile(path.resolve(__dirname, `fixtures/sub-frames/frame-with-frame-container${fixtureSuffix}.html`));
|
2019-01-22 19:24:46 +00:00
|
|
|
const [event1, event2, event3] = await detailsPromise;
|
|
|
|
expect(event1[0].frameId).to.not.equal(event2[0].frameId);
|
|
|
|
expect(event1[0].frameId).to.not.equal(event3[0].frameId);
|
|
|
|
expect(event2[0].frameId).to.not.equal(event3[0].frameId);
|
|
|
|
expect(event1[0].frameId).to.equal(event1[2]);
|
|
|
|
expect(event2[0].frameId).to.equal(event2[2]);
|
|
|
|
expect(event3[0].frameId).to.equal(event3[2]);
|
2020-12-09 23:34:06 +00:00
|
|
|
expect(event1[0].senderFrame.routingId).to.equal(event1[2]);
|
|
|
|
expect(event2[0].senderFrame.routingId).to.equal(event2[2]);
|
|
|
|
expect(event3[0].senderFrame.routingId).to.equal(event3[2]);
|
2019-01-22 19:24:46 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
it('should correctly reply to the main frame with using event.reply', async () => {
|
2019-06-24 18:41:20 +00:00
|
|
|
const detailsPromise = emittedNTimes(ipcMain, 'preload-ran', 2);
|
2019-03-15 17:39:20 +00:00
|
|
|
w.loadFile(path.resolve(__dirname, `fixtures/sub-frames/frame-container${fixtureSuffix}.html`));
|
2019-01-22 19:24:46 +00:00
|
|
|
const [event1] = await detailsPromise;
|
2023-02-23 23:53:53 +00:00
|
|
|
const pongPromise = once(ipcMain, 'preload-pong');
|
2019-01-22 19:24:46 +00:00
|
|
|
event1[0].reply('preload-ping');
|
2021-01-15 00:00:37 +00:00
|
|
|
const [, frameId] = await pongPromise;
|
|
|
|
expect(frameId).to.equal(event1[0].frameId);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should correctly reply to the main frame with using event.senderFrame.send', async () => {
|
|
|
|
const detailsPromise = emittedNTimes(ipcMain, 'preload-ran', 2);
|
|
|
|
w.loadFile(path.resolve(__dirname, `fixtures/sub-frames/frame-container${fixtureSuffix}.html`));
|
|
|
|
const [event1] = await detailsPromise;
|
2023-02-23 23:53:53 +00:00
|
|
|
const pongPromise = once(ipcMain, 'preload-pong');
|
2021-01-15 00:00:37 +00:00
|
|
|
event1[0].senderFrame.send('preload-ping');
|
|
|
|
const [, frameId] = await pongPromise;
|
|
|
|
expect(frameId).to.equal(event1[0].frameId);
|
2019-01-22 19:24:46 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
it('should correctly reply to the sub-frames with using event.reply', async () => {
|
2019-06-24 18:41:20 +00:00
|
|
|
const detailsPromise = emittedNTimes(ipcMain, 'preload-ran', 2);
|
2019-03-15 17:39:20 +00:00
|
|
|
w.loadFile(path.resolve(__dirname, `fixtures/sub-frames/frame-container${fixtureSuffix}.html`));
|
2019-01-22 19:24:46 +00:00
|
|
|
const [, event2] = await detailsPromise;
|
2023-02-23 23:53:53 +00:00
|
|
|
const pongPromise = once(ipcMain, 'preload-pong');
|
2019-01-22 19:24:46 +00:00
|
|
|
event2[0].reply('preload-ping');
|
2021-01-15 00:00:37 +00:00
|
|
|
const [, frameId] = await pongPromise;
|
|
|
|
expect(frameId).to.equal(event2[0].frameId);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should correctly reply to the sub-frames with using event.senderFrame.send', async () => {
|
|
|
|
const detailsPromise = emittedNTimes(ipcMain, 'preload-ran', 2);
|
|
|
|
w.loadFile(path.resolve(__dirname, `fixtures/sub-frames/frame-container${fixtureSuffix}.html`));
|
|
|
|
const [, event2] = await detailsPromise;
|
2023-02-23 23:53:53 +00:00
|
|
|
const pongPromise = once(ipcMain, 'preload-pong');
|
2021-01-15 00:00:37 +00:00
|
|
|
event2[0].senderFrame.send('preload-ping');
|
|
|
|
const [, frameId] = await pongPromise;
|
|
|
|
expect(frameId).to.equal(event2[0].frameId);
|
2019-01-22 19:24:46 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
it('should correctly reply to the nested sub-frames with using event.reply', async () => {
|
2019-06-24 18:41:20 +00:00
|
|
|
const detailsPromise = emittedNTimes(ipcMain, 'preload-ran', 3);
|
2019-03-15 17:39:20 +00:00
|
|
|
w.loadFile(path.resolve(__dirname, `fixtures/sub-frames/frame-with-frame-container${fixtureSuffix}.html`));
|
2019-03-07 22:46:57 +00:00
|
|
|
const [, , event3] = await detailsPromise;
|
2023-02-23 23:53:53 +00:00
|
|
|
const pongPromise = once(ipcMain, 'preload-pong');
|
2019-01-22 19:24:46 +00:00
|
|
|
event3[0].reply('preload-ping');
|
2021-01-15 00:00:37 +00:00
|
|
|
const [, frameId] = await pongPromise;
|
|
|
|
expect(frameId).to.equal(event3[0].frameId);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should correctly reply to the nested sub-frames with using event.senderFrame.send', async () => {
|
|
|
|
const detailsPromise = emittedNTimes(ipcMain, 'preload-ran', 3);
|
|
|
|
w.loadFile(path.resolve(__dirname, `fixtures/sub-frames/frame-with-frame-container${fixtureSuffix}.html`));
|
|
|
|
const [, , event3] = await detailsPromise;
|
2023-02-23 23:53:53 +00:00
|
|
|
const pongPromise = once(ipcMain, 'preload-pong');
|
2021-01-15 00:00:37 +00:00
|
|
|
event3[0].senderFrame.send('preload-ping');
|
|
|
|
const [, frameId] = await pongPromise;
|
|
|
|
expect(frameId).to.equal(event3[0].frameId);
|
2019-01-22 19:24:46 +00:00
|
|
|
});
|
2019-03-07 22:46:57 +00:00
|
|
|
|
|
|
|
it('should not expose globals in main world', async () => {
|
2019-06-24 18:41:20 +00:00
|
|
|
const detailsPromise = emittedNTimes(ipcMain, 'preload-ran', 2);
|
2019-03-15 17:39:20 +00:00
|
|
|
w.loadFile(path.resolve(__dirname, `fixtures/sub-frames/frame-container${fixtureSuffix}.html`));
|
2019-03-07 22:46:57 +00:00
|
|
|
const details = await detailsPromise;
|
|
|
|
const senders = details.map(event => event[0].sender);
|
2020-07-06 17:50:03 +00:00
|
|
|
const isolatedGlobals = await Promise.all(senders.map(sender => sender.executeJavaScript('window.isolatedGlobal')));
|
2019-10-09 17:59:08 +00:00
|
|
|
for (const result of isolatedGlobals) {
|
2021-03-01 21:52:29 +00:00
|
|
|
if (webPreferences.contextIsolation === undefined || webPreferences.contextIsolation) {
|
2019-10-09 17:59:08 +00:00
|
|
|
expect(result).to.be.undefined();
|
|
|
|
} else {
|
|
|
|
expect(result).to.equal(true);
|
|
|
|
}
|
|
|
|
}
|
2019-03-07 22:46:57 +00:00
|
|
|
});
|
2019-01-22 19:24:46 +00:00
|
|
|
});
|
|
|
|
};
|
|
|
|
|
2019-08-28 20:55:01 +00:00
|
|
|
const generateConfigs = (webPreferences: any, ...permutations: {name: string, webPreferences: any}[]) => {
|
|
|
|
const configs = [{ webPreferences, names: [] as string[] }];
|
2023-08-07 09:30:15 +00:00
|
|
|
for (const permutation of permutations) {
|
2019-03-15 17:39:20 +00:00
|
|
|
const length = configs.length;
|
|
|
|
for (let j = 0; j < length; j++) {
|
|
|
|
const newConfig = Object.assign({}, configs[j]);
|
|
|
|
newConfig.webPreferences = Object.assign({},
|
2023-08-07 09:30:15 +00:00
|
|
|
newConfig.webPreferences, permutation.webPreferences);
|
2019-03-15 17:39:20 +00:00
|
|
|
newConfig.names = newConfig.names.slice(0);
|
2023-08-07 09:30:15 +00:00
|
|
|
newConfig.names.push(permutation.name);
|
2019-03-15 17:39:20 +00:00
|
|
|
configs.push(newConfig);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-08-28 20:55:01 +00:00
|
|
|
return configs.map((config: any) => {
|
2019-03-15 17:39:20 +00:00
|
|
|
if (config.names.length > 0) {
|
|
|
|
config.title = `with ${config.names.join(', ')} on`;
|
|
|
|
} else {
|
2020-03-20 15:12:18 +00:00
|
|
|
config.title = 'without anything special turned on';
|
2019-03-15 17:39:20 +00:00
|
|
|
}
|
|
|
|
delete config.names;
|
|
|
|
|
2019-08-28 20:55:01 +00:00
|
|
|
return config as {title: string, webPreferences: any};
|
2019-03-15 17:39:20 +00:00
|
|
|
});
|
|
|
|
};
|
|
|
|
|
2023-08-31 14:36:43 +00:00
|
|
|
const configs = generateConfigs(
|
2019-03-15 17:39:20 +00:00
|
|
|
{
|
|
|
|
preload: path.resolve(__dirname, 'fixtures/sub-frames/preload.js'),
|
|
|
|
nodeIntegrationInSubFrames: true
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: 'sandbox',
|
|
|
|
webPreferences: { sandbox: true }
|
|
|
|
},
|
|
|
|
{
|
2021-03-01 21:52:29 +00:00
|
|
|
name: 'context isolation disabled',
|
|
|
|
webPreferences: { contextIsolation: false }
|
2019-03-15 17:39:20 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
name: 'webview',
|
|
|
|
webPreferences: { webviewTag: true, preload: false }
|
|
|
|
}
|
2023-08-31 14:36:43 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
for (const config of configs) {
|
2019-03-15 17:39:20 +00:00
|
|
|
generateTests(config.title, config.webPreferences);
|
2023-08-31 14:36:43 +00:00
|
|
|
}
|
2019-07-17 00:13:05 +00:00
|
|
|
|
|
|
|
describe('internal <iframe> inside of <webview>', () => {
|
2019-08-28 20:55:01 +00:00
|
|
|
let w: BrowserWindow;
|
2019-07-17 00:13:05 +00:00
|
|
|
|
|
|
|
beforeEach(async () => {
|
|
|
|
await closeWindow(w);
|
|
|
|
w = new BrowserWindow({
|
|
|
|
show: false,
|
|
|
|
width: 400,
|
|
|
|
height: 400,
|
|
|
|
webPreferences: {
|
|
|
|
preload: path.resolve(__dirname, 'fixtures/sub-frames/webview-iframe-preload.js'),
|
|
|
|
nodeIntegrationInSubFrames: true,
|
2021-03-01 21:52:29 +00:00
|
|
|
webviewTag: true,
|
|
|
|
contextIsolation: false
|
2019-07-17 00:13:05 +00:00
|
|
|
}
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2019-08-28 20:55:01 +00:00
|
|
|
afterEach(async () => {
|
|
|
|
await closeWindow(w);
|
|
|
|
w = null as unknown as BrowserWindow;
|
2019-07-17 00:13:05 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
it('should not load preload scripts', async () => {
|
2023-02-23 23:53:53 +00:00
|
|
|
const promisePass = once(ipcMain, 'webview-loaded');
|
|
|
|
const promiseFail = once(ipcMain, 'preload-in-frame').then(() => {
|
2019-07-17 00:13:05 +00:00
|
|
|
throw new Error('preload loaded in internal frame');
|
|
|
|
});
|
|
|
|
await w.loadURL('about:blank');
|
|
|
|
return Promise.race([promisePass, promiseFail]);
|
|
|
|
});
|
|
|
|
});
|
2019-01-22 19:24:46 +00:00
|
|
|
});
|
2019-06-20 10:10:56 +00:00
|
|
|
|
2019-08-28 20:55:01 +00:00
|
|
|
// app.getAppMetrics() does not return sandbox information on Linux.
|
|
|
|
ifdescribe(process.platform !== 'linux')('cross-site frame sandboxing', () => {
|
|
|
|
let server: http.Server;
|
|
|
|
let crossSiteUrl: string;
|
|
|
|
let serverUrl: string;
|
2019-06-20 10:10:56 +00:00
|
|
|
|
2023-02-20 11:30:57 +00:00
|
|
|
before(async function () {
|
2019-06-20 10:10:56 +00:00
|
|
|
server = http.createServer((req, res) => {
|
2019-08-28 20:55:01 +00:00
|
|
|
res.end(`<iframe name="frame" src="${crossSiteUrl}" />`);
|
2019-06-20 10:10:56 +00:00
|
|
|
});
|
2023-02-20 11:30:57 +00:00
|
|
|
serverUrl = (await listen(server)).url;
|
|
|
|
crossSiteUrl = serverUrl.replace('127.0.0.1', 'localhost');
|
2019-06-20 10:10:56 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
after(() => {
|
|
|
|
server.close();
|
2019-08-28 20:55:01 +00:00
|
|
|
server = null as unknown as http.Server;
|
2019-06-20 10:10:56 +00:00
|
|
|
});
|
|
|
|
|
2019-08-28 20:55:01 +00:00
|
|
|
let w: BrowserWindow;
|
2019-06-20 10:10:56 +00:00
|
|
|
|
2019-08-28 20:55:01 +00:00
|
|
|
afterEach(async () => {
|
|
|
|
await closeWindow(w);
|
|
|
|
w = null as unknown as BrowserWindow;
|
2019-06-20 10:10:56 +00:00
|
|
|
});
|
|
|
|
|
2019-08-28 20:55:01 +00:00
|
|
|
const generateSpecs = (description: string, webPreferences: any) => {
|
2019-06-20 10:10:56 +00:00
|
|
|
describe(description, () => {
|
|
|
|
it('iframe process is sandboxed if possible', async () => {
|
|
|
|
w = new BrowserWindow({
|
|
|
|
show: false,
|
|
|
|
webPreferences
|
|
|
|
});
|
|
|
|
|
2019-08-28 20:55:01 +00:00
|
|
|
await w.loadURL(serverUrl);
|
2019-06-20 10:10:56 +00:00
|
|
|
|
|
|
|
const pidMain = w.webContents.getOSProcessId();
|
2020-10-26 03:03:34 +00:00
|
|
|
const pidFrame = w.webContents.mainFrame.frames.find(f => f.name === 'frame')!.osProcessId;
|
2019-06-20 10:10:56 +00:00
|
|
|
|
|
|
|
const metrics = app.getAppMetrics();
|
2019-08-28 20:55:01 +00:00
|
|
|
const isProcessSandboxed = function (pid: number) {
|
2023-08-02 17:43:45 +00:00
|
|
|
const entry = metrics.find(metric => metric.pid === pid);
|
2019-06-20 10:10:56 +00:00
|
|
|
return entry && entry.sandboxed;
|
|
|
|
};
|
|
|
|
|
|
|
|
const sandboxMain = !!(webPreferences.sandbox || process.mas);
|
|
|
|
const sandboxFrame = sandboxMain || !webPreferences.nodeIntegrationInSubFrames;
|
|
|
|
|
|
|
|
expect(isProcessSandboxed(pidMain)).to.equal(sandboxMain);
|
|
|
|
expect(isProcessSandboxed(pidFrame)).to.equal(sandboxFrame);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
};
|
|
|
|
|
|
|
|
generateSpecs('nodeIntegrationInSubFrames = false, sandbox = false', {
|
|
|
|
nodeIntegrationInSubFrames: false,
|
|
|
|
sandbox: false
|
|
|
|
});
|
|
|
|
|
|
|
|
generateSpecs('nodeIntegrationInSubFrames = false, sandbox = true', {
|
|
|
|
nodeIntegrationInSubFrames: false,
|
|
|
|
sandbox: true
|
|
|
|
});
|
|
|
|
|
|
|
|
generateSpecs('nodeIntegrationInSubFrames = true, sandbox = false', {
|
|
|
|
nodeIntegrationInSubFrames: true,
|
|
|
|
sandbox: false
|
|
|
|
});
|
|
|
|
|
|
|
|
generateSpecs('nodeIntegrationInSubFrames = true, sandbox = true', {
|
|
|
|
nodeIntegrationInSubFrames: true,
|
|
|
|
sandbox: true
|
|
|
|
});
|
|
|
|
});
|