From 0252d7686ce19c04f711d82f63590ff51bb5efc1 Mon Sep 17 00:00:00 2001
From: Cheng Zhao
Date: Tue, 16 Oct 2018 18:10:03 +0900
Subject: [PATCH] fix: do not enable node integration in child window if not enabled (#15076)
---
 atom/browser/web_contents_preferences.cc | 2 ++
 atom/renderer/atom_renderer_client.cc | 10 +++++++
 patches/common/chromium/.patches.yaml | 9 +++++++
 patches/common/chromium/web_preferences.patch | 26 +++++++++++++++++++
 4 files changed, 47 insertions(+)
 create mode 100644 patches/common/chromium/web_preferences.patch
diff --git a/atom/browser/web_contents_preferences.cc b/atom/browser/web_contents_preferences.cc
index fd0112d6b7b..fc4bd0dc11a 100644
--- a/atom/browser/web_contents_preferences.cc
+++ b/atom/browser/web_contents_preferences.cc
@@ -405,6 +405,8 @@ void WebContentsPreferences::OverrideWebkitPrefs(
 std::string encoding;
 if (GetAsString(&preference_, "defaultEncoding", &encoding))
 prefs->default_encoding = encoding;
+
+ prefs->node_integration = IsEnabled(options::kNodeIntegration);
 }
 
 } // namespace atom
diff --git a/atom/renderer/atom_renderer_client.cc b/atom/renderer/atom_renderer_client.cc
index e2ddfbde244..4243fec81ac 100644
--- a/atom/renderer/atom_renderer_client.cc
+++ b/atom/renderer/atom_renderer_client.cc
@@ -16,6 +16,7 @@
 #include "atom/renderer/atom_render_frame_observer.h"
 #include "atom/renderer/web_worker_observer.h"
 #include "base/command_line.h"
+#include "content/public/common/web_preferences.h"
 #include "content/public/renderer/render_frame.h"
 #include "native_mate/dictionary.h"
 #include "third_party/blink/public/web/web_document.h"
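Review bot: The new assignment at the end of WebContentsPreferences::OverrideWebkitPrefs carries no comment saying that the renderer now uses this field as a gate, so a later edit could move or drop the line without noticing the security impact. I would add `// Mirrored to the renderer, which checks it in AtomRendererClient::DidCreateScriptContext before setting up node for an opened window.` above `prefs->node_integration = ...`. The patched WebPreferences field defaults to false, so any path that builds preferences without reaching this line would presumably deny node to opened windows; that looks like the intended fail-closed behaviour but is worth confirming. The function body starts outside the hunk.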
@@ -86,6 +87,15 @@ void AtomRendererClient::DidCreateScriptContext(
 if (!render_frame->IsMainFrame() && !IsDevToolsExtension(render_frame))
 return;
 
+ // Don't allow node integration if this is a child window and it does not have
+ // node integration enabled. Otherwise we would have memory leak in the child
+ // window since we don't clean up node environments.
+ //
+ // TODO(zcbenz): We shouldn't allow node integration even for the top frame.
+ if (!render_frame->GetWebkitPreferences().node_integration &&
+ render_frame->GetWebFrame()->Opener())
+ return;
+
 injected_frames_.insert(render_frame);
 
 // Prepare the node bindings.
diff --git a/patches/common/chromium/.patches.yaml b/patches/common/chromium/.patches.yaml
index 8385f26d314..81b372d8eae 100644
--- a/patches/common/chromium/.patches.yaml
+++ b/patches/common/chromium/.patches.yaml
@@ -536,3 +536,12 @@ patches:
 description: |
 Temporarily add additional debugging statements to generate_breakpad_symbols.py to determine why it is hanging.
+-
+ author: zcbenz
+ file: web_preferences.patch
+ description: |
+ Add a node_integration field to WebPreferences so we can determine whether
+ a frame has node integration in renderer process.
+
+ This is required by the nativeWindowOpen option, which put multiple main
+ frames in one renderer process.
diff --git a/patches/common/chromium/web_preferences.patch b/patches/common/chromium/web_preferences.patch
new file mode 100644
index 00000000000..ea6b1986152
--- /dev/null
+++ b/patches/common/chromium/web_preferences.patch
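Review bot: The early return added to DidCreateScriptContext is documented only as a memory-leak workaround, while the commit title treats it as the check that keeps node integration out of child windows; the comment should state that intent, e.g. `// Security: a window opened from this renderer must not get a node environment unless its own preferences enable nodeIntegration.` The guard also depends on `render_frame->GetWebFrame()->Opener()` being non-null, so it is worth confirming that the opener is always set whenever a script context is created for such a window; keying the decision on the preference alone, as the TODO suggests, would remove that dependency. The diffstat shows no spec file, so a regression test that opens a child window with nodeIntegration disabled and asserts that node is absent would be a useful addition. The function starts and ends outside the hunk.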
@@ -0,0 +1,26 @@
+diff --git a/content/public/common/common_param_traits_macros.h b/content/public/common/common_param_traits_macros.h
+index 57f03dc..7c4409e 100644
+--- a/content/public/common/common_param_traits_macros.h
++++ b/content/public/common/common_param_traits_macros.h
+@@ -198,6 +198,7 @@ IPC_STRUCT_TRAITS_BEGIN(content::WebPreferences)
+ IPC_STRUCT_TRAITS_MEMBER(animation_policy)
+ IPC_STRUCT_TRAITS_MEMBER(user_gesture_required_for_presentation)
+ IPC_STRUCT_TRAITS_MEMBER(text_track_margin_percentage)
++ IPC_STRUCT_TRAITS_MEMBER(node_integration)
+ IPC_STRUCT_TRAITS_MEMBER(save_previous_document_resources)
+ IPC_STRUCT_TRAITS_MEMBER(text_autosizing_enabled)
+ IPC_STRUCT_TRAITS_MEMBER(double_tap_to_zoom_enabled)
+diff --git a/content/public/common/web_preferences.h b/content/public/common/web_preferences.h
+index 78cbf5f..b33ac28 100644
+--- a/content/public/common/web_preferences.h
++++ b/content/public/common/web_preferences.h
+@@ -222,6 +222,9 @@ struct CONTENT_EXPORT WebPreferences {
+ // Cues will not be placed in this margin area.
+ float text_track_margin_percentage;
+
++ // Electron: Whether the frame has node integration.
++ bool node_integration = false;
++
+ bool immersive_mode_enabled;
+
+ bool text_autosizing_enabled;