mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

Always use guest contents for canAccessWindow check

Browse source
This commit is contained in:
Kevin Sawicki 2016-11-23 10:23:47 -08:00
parent 0799317ff5
commit 0134d62681
1 changed files with 18 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

31
lib/browser/guest-window-manager.js
View file

@ -138,10 +138,7 @@ const createGuest = function (embedder, url, frameName, options, postData) {
return setupGuest(embedder, frameName, guest, options) return setupGuest(embedder, frameName, guest, options)
} }
const getGuestWindow = function (guestId) { const getGuestWindow = function (guestContents) {
const guestContents = webContents.fromId(guestId)
if (guestContents == null) return
let guestWindow = BrowserWindow.fromWebContents(guestContents) let guestWindow = BrowserWindow.fromWebContents(guestContents)
if (guestWindow == null) { if (guestWindow == null) {
const hostContents = guestContents.hostWebContents const hostContents = guestContents.hostWebContents
@ -187,27 +184,35 @@ ipcMain.on('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_OPEN', function (event, url, fr
}) })
ipcMain.on('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_CLOSE', function (event, guestId) { ipcMain.on('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_CLOSE', function (event, guestId) {
const guestWindow = getGuestWindow(guestId) const guestContents = webContents.fromId(guestId)
if (guestWindow == null) return if (guestContents == null) return
if (canAccessWindow(event.sender, guestWindow.webContents)) { if (!canAccessWindow(event.sender, guestContents)) {
guestWindow.destroy()
} else {
console.error(`Blocked ${event.sender.getURL()} from closing its opener.`) console.error(`Blocked ${event.sender.getURL()} from closing its opener.`)
return
} }
const guestWindow = getGuestWindow(guestContents)
if (guestWindow != null) guestWindow.destroy()
}) })
ipcMain.on('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_METHOD', function (event, guestId, method, ...args) { ipcMain.on('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_METHOD', function (event, guestId, method, ...args) {
const guestWindow = getGuestWindow(guestId) const guestContents = webContents.fromId(guestId)
if (guestWindow == null) { if (guestContents == null) {
event.returnValue = null event.returnValue = null
return return
} }
if (canAccessWindow(event.sender, guestWindow.webContents)) { if (!canAccessWindow(event.sender, guestContents)) {
console.error(`Blocked ${event.sender.getURL()} from calling ${method} on its opener.`)
event.returnValue = null
return
}
const guestWindow = getGuestWindow(guestContents)
if (guestWindow != null) {
event.returnValue = guestWindow[method].apply(guestWindow, args) event.returnValue = guestWindow[method].apply(guestWindow, args)
} else { } else {
console.error(`Blocked ${event.sender.getURL()} from calling ${method} on its opener.`)
event.returnValue = null event.returnValue = null
} }
}) })