mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

Merge pull request #5559 from electron/disable-webview

Browse source 
Disable webview when nodeIntegration is off
This commit is contained in:
Cheng Zhao 2016-05-18 01:26:58 +00:00
commit 397d0e34ee
5 changed files with 34 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
docs/api/web-view-tag.md
View file

@ -12,6 +12,9 @@ app. It doesn't have the same permissions as your web page and all interactions
between your app and embedded content will be asynchronous. This keeps your app between your app and embedded content will be asynchronous. This keeps your app
safe from the embedded content. safe from the embedded content.
For security purpose, `webview` can only be used in `BrowserWindow`s that have
`nodeIntegration` enabled.
## Example ## Example
To embed a web page in your app, add the `webview` tag to your app's embedder To embed a web page in your app, add the `webview` tag to your app's embedder

4
lib/browser/guest-view-manager.js
View file

@ -183,10 +183,6 @@ var attachGuest = function (embedder, elementInstanceId, guestInstanceId, params
blinkFeatures: params.blinkfeatures blinkFeatures: params.blinkfeatures
} }
if (embedder.getWebPreferences().nodeIntegration === false) {
webPreferences.nodeIntegration = false
}
if (params.preload) { if (params.preload) {
webPreferences.preloadURL = params.preload webPreferences.preloadURL = params.preload
} }

2
lib/renderer/init.js
View file

@ -70,7 +70,7 @@ if (window.location.protocol === 'chrome-devtools:') {
require('./override') require('./override')
// Load webview tag implementation. // Load webview tag implementation.
if (process.guestInstanceId == null) { if (nodeIntegration === 'true' && process.guestInstanceId == null) {
require('./web-view/web-view') require('./web-view/web-view')
require('./web-view/web-view-attributes') require('./web-view/web-view-attributes')
} }

5
spec/fixtures/module/preload-webview.js vendored Normal file
View file

@ -0,0 +1,5 @@
const {ipcRenderer} = require('electron')
window.onload = function () {
ipcRenderer.send('webview', typeof WebView)
}

61
spec/webview-spec.js
View file

@ -8,7 +8,9 @@ describe('<webview> tag', function () {
this.timeout(20000) this.timeout(20000)
var fixtures = path.join(__dirname, 'fixtures') var fixtures = path.join(__dirname, 'fixtures')
var webview = null var webview = null
let w = null
beforeEach(function () { beforeEach(function () {
webview = new WebView() webview = new WebView()
@ -18,17 +20,38 @@ describe('<webview> tag', function () {
if (document.body.contains(webview)) { if (document.body.contains(webview)) {
document.body.removeChild(webview) document.body.removeChild(webview)
} }
if (w) {
w.destroy()
w = null
}
}) })
it('works without script tag in page', function (done) { it('works without script tag in page', function (done) {
let w = new BrowserWindow({show: false}) w = new BrowserWindow({show: false})
ipcMain.once('pong', function () { ipcMain.once('pong', function () {
w.destroy()
done() done()
}) })
w.loadURL('file://' + fixtures + '/pages/webview-no-script.html') w.loadURL('file://' + fixtures + '/pages/webview-no-script.html')
}) })
it('is disabled when nodeIntegration is disabled', function (done) {
w = new BrowserWindow({
show: false,
webPreferences: {
nodeIntegration: false,
preload: path.join(fixtures, 'module', 'preload-webview.js')
},
})
ipcMain.once('webview', function (event, type) {
if (type === 'undefined') {
done()
} else {
done('WebView still exists')
}
})
w.loadURL('file://' + fixtures + '/pages/webview-no-script.html')
})
describe('src attribute', function () { describe('src attribute', function () {
it('specifies the page to load', function (done) { it('specifies the page to load', function (done) {
webview.addEventListener('console-message', function (e) { webview.addEventListener('console-message', function (e) {
@ -84,40 +107,6 @@ describe('<webview> tag', function () {
document.body.appendChild(webview) document.body.appendChild(webview)
}) })
it('disables node integration when disabled on the parent BrowserWindow', function (done) {
var b = undefined
ipcMain.once('answer', function (event, typeofProcess) {
try {
assert.equal(typeofProcess, 'undefined')
done()
} finally {
b.close()
}
})
var windowUrl = require('url').format({
pathname: `${fixtures}/pages/webview-no-node-integration-on-window.html`,
protocol: 'file',
query: {
p: `${fixtures}/pages/web-view-log-process.html`
},
slashes: true
})
var preload = path.join(fixtures, 'module', 'answer.js')
b = new BrowserWindow({
height: 400,
width: 400,
show: false,
webPreferences: {
preload: preload,
nodeIntegration: false,
}
})
b.loadURL(windowUrl)
})
it('disables node integration on child windows when it is disabled on the webview', function (done) { it('disables node integration on child windows when it is disabled on the webview', function (done) {
app.once('browser-window-created', function (event, window) { app.once('browser-window-created', function (event, window) {
assert.equal(window.webContents.getWebPreferences().nodeIntegration, false) assert.equal(window.webContents.getWebPreferences().nodeIntegration, false)