Add support for native chromium popups on sandboxed renderers.

- Allow `api::Window` instances to be created from existing `api::WebContents`. - Override `WebContentsCreated` and `AddNewContents` to wrap renderer-created `content::WebContents` into `api::WebContents`. - For `content::WebContents` that should be displayed in new windows, pass the wrapped `api::WebContents` object to window manager.
2016-08-15 21:13:18 -03:00 · 2016-08-15 21:13:18 -03:00 · 06cc9a44fe
commit 06cc9a44fe
parent 0b3b29938f
6 changed files with 123 additions and 15 deletions
--- a/lib/browser/api/browser-window.js
+++ b/lib/browser/api/browser-window.js
@ -3,6 +3,7 @@
 const {ipcMain} = require('electron')
 const {EventEmitter} = require('events')
 const {BrowserWindow} = process.atomBinding('window')
+const v8Util = process.atomBinding('v8_util')

 Object.setPrototypeOf(BrowserWindow.prototype, EventEmitter.prototype)

@ -26,6 +27,34 @@ BrowserWindow.prototype._init = function () {
    ipcMain.emit('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_OPEN', event, url, frameName, disposition, options)
  })

+  this.webContents.on('-web-contents-created', (event, webContents, url,
+                                                frameName) => {
+    v8Util.setHiddenValue(webContents, 'url-framename', {url, frameName})
+  })
+  // Create a new browser window for the native implementation of
+  // "window.open"(sandbox mode only)
+  this.webContents.on('-add-new-contents', (event, webContents, disposition,
+                                            userGesture, left, top, width,
+                                            height) => {
+    let urlFrameName = v8Util.getHiddenValue(webContents, 'url-framename')
+    if ((disposition !== 'foreground-tab' && disposition !== 'new-window') ||
+        !urlFrameName) {
+      return
+    }
+
+    let {url, frameName} = urlFrameName
+    v8Util.deleteHiddenValue(webContents, 'url-framename')
+    const options = {
+      show: true,
+      x: left,
+      y: top,
+      width: width || 800,
+      height: height || 600,
+      webContents: webContents
+    }
+    ipcMain.emit('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_OPEN', event, url, frameName, disposition, options)
+  })
+
  // window.resizeTo(...)
  // window.moveTo(...)
  this.webContents.on('move', (event, size) => {
--- a/lib/browser/guest-window-manager.js
+++ b/lib/browser/guest-window-manager.js
@ -57,7 +57,30 @@ const createGuest = function (embedder, url, frameName, options) {
  }
  options.webPreferences.openerId = embedder.id
  guest = new BrowserWindow(options)
-  guest.loadURL(url)
+  if (!options.webContents || url !== 'about:blank') {
+    // We should not call `loadURL` if the window was constructed from an
+    // existing webContents(window.open in a sandboxed renderer) and if the url
+    // is not 'about:blank'.
+    //
+    // Navigating to the url when creating the window from an existing
+    // webContents would not be necessary(it will navigate there anyway), but
+    // apparently there's a bug that allows the child window to be scripted by
+    // the opener, even when the child window is from another origin.
+    //
+    // That's why the second condition(url !== "about:blank") is required: to
+    // force `OverrideSiteInstanceForNavigation` to be called and consequently
+    // spawn a new renderer if the new window is targeting a different origin.
+    //
+    // If the URL is "about:blank", then it is very likely that the opener just
+    // wants to synchronously script the popup, for example:
+    //
+    //     let popup = window.open()
+    //     popup.document.body.write('<h1>hello</h1>')
+    //
+    // The above code would not work if a navigation to "about:blank" is done
+    // here, since the window would be cleared of all changes in the next tick.
+    guest.loadURL(url)
+  }

  // When |embedder| is destroyed we should also destroy attached guest, and if
  // guest is closed by user then we should prevent |embedder| from double
@ -72,8 +95,19 @@ const createGuest = function (embedder, url, frameName, options) {
    embedder.send('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_CLOSED_' + guestId)
    embedder.removeListener('render-view-deleted', closedByEmbedder)
  }
-  embedder.once('render-view-deleted', closedByEmbedder)
-  guest.once('closed', closedByUser)
+  if (!options.webPreferences.sandbox) {
+    // These events should only be handled when the guest window is opened by a
+    // non-sandboxed renderer for two reasons:
+    //
+    // - `render-view-deleted` is emitted when the popup is closed by the user,
+    //   and that will eventually result in NativeWindow::NotifyWindowClosed
+    //   using a dangling pointer since `destroy()` would have been called by
+    //   `closeByEmbedded`
+    // - No need to emit `ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_CLOSED_` since
+    //   there's no renderer code listening to it.,
+    embedder.once('render-view-deleted', closedByEmbedder)
+    guest.once('closed', closedByUser)
+  }

  if (frameName) {
    frameToGuest[frameName] = guest