From 0134d62681e3ee00e731442d302a6cb4b6675539 Mon Sep 17 00:00:00 2001
From: Kevin Sawicki <kevinsawicki@gmail.com>
Date: Wed, 23 Nov 2016 10:23:47 -0800
Subject: [PATCH] Always use guest contents for canAccessWindow check

---
 lib/browser/guest-window-manager.js | 31 +++++++++++++++++------------
 1 file changed, 18 insertions(+), 13 deletions(-)

diff --git a/lib/browser/guest-window-manager.js b/lib/browser/guest-window-manager.js
index 0c2a433e64..3d920ab54e 100644
--- a/lib/browser/guest-window-manager.js
+++ b/lib/browser/guest-window-manager.js
@@ -138,10 +138,7 @@ const createGuest = function (embedder, url, frameName, options, postData) {
   return setupGuest(embedder, frameName, guest, options)
 }
 
-const getGuestWindow = function (guestId) {
-  const guestContents = webContents.fromId(guestId)
-  if (guestContents == null) return
-
+const getGuestWindow = function (guestContents) {
   let guestWindow = BrowserWindow.fromWebContents(guestContents)
   if (guestWindow == null) {
     const hostContents = guestContents.hostWebContents
@@ -187,27 +184,35 @@ ipcMain.on('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_OPEN', function (event, url, fr
 })
 
 ipcMain.on('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_CLOSE', function (event, guestId) {
-  const guestWindow = getGuestWindow(guestId)
-  if (guestWindow == null) return
+  const guestContents = webContents.fromId(guestId)
+  if (guestContents == null) return
 
-  if (canAccessWindow(event.sender, guestWindow.webContents)) {
-    guestWindow.destroy()
-  } else {
+  if (!canAccessWindow(event.sender, guestContents)) {
     console.error(`Blocked ${event.sender.getURL()} from closing its opener.`)
+    return
   }
+
+  const guestWindow = getGuestWindow(guestContents)
+  if (guestWindow != null) guestWindow.destroy()
 })
 
 ipcMain.on('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_METHOD', function (event, guestId, method, ...args) {
-  const guestWindow = getGuestWindow(guestId)
-  if (guestWindow == null) {
+  const guestContents = webContents.fromId(guestId)
+  if (guestContents == null) {
     event.returnValue = null
     return
   }
 
-  if (canAccessWindow(event.sender, guestWindow.webContents)) {
+  if (!canAccessWindow(event.sender, guestContents)) {
+    console.error(`Blocked ${event.sender.getURL()} from calling ${method} on its opener.`)
+    event.returnValue = null
+    return
+  }
+
+  const guestWindow = getGuestWindow(guestContents)
+  if (guestWindow != null) {
     event.returnValue = guestWindow[method].apply(guestWindow, args)
   } else {
-    console.error(`Blocked ${event.sender.getURL()} from calling ${method} on its opener.`)
     event.returnValue = null
   }
 })