mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

feat: sandbox preloads by default (#32869)

Browse source
This commit is contained in:
Jeremy Rose 2022-07-11 16:28:09 -07:00 committed by GitHub
parent f63bba8ce2
commit 4190ec2482
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

4
shell/browser/web_contents_preferences.cc
View file

@ -316,9 +316,7 @@ bool WebContentsPreferences::IsSandboxed() const {
if (sandbox_) if (sandbox_)
return *sandbox_; return *sandbox_;
bool sandbox_disabled_by_default = bool sandbox_disabled_by_default =
node_integration_ || node_integration_in_worker_ || preload_path_ || node_integration_ || node_integration_in_worker_;
!SessionPreferences::GetValidPreloads(web_contents_->GetBrowserContext())
.empty();
return !sandbox_disabled_by_default; return !sandbox_disabled_by_default;
} }

3
spec-main/fixtures/apps/libuv-hang/main.js
View file

@ -5,7 +5,8 @@ async function createWindow () {
const mainWindow = new BrowserWindow({ const mainWindow = new BrowserWindow({
show: false, show: false,
webPreferences: { webPreferences: {
preload: path.join(__dirname, 'preload.js') preload: path.join(__dirname, 'preload.js'),
sandbox: false
} }
}); });

4
spec/webview-spec.js
View file

@ -243,6 +243,7 @@ describe('<webview> tag', function () {
it('preload script can require modules that still use "process" and "Buffer" when nodeintegration is off', async () => { it('preload script can require modules that still use "process" and "Buffer" when nodeintegration is off', async () => {
const message = await startLoadingWebViewAndWaitForMessage(webview, { const message = await startLoadingWebViewAndWaitForMessage(webview, {
preload: `${fixtures}/module/preload-node-off-wrapper.js`, preload: `${fixtures}/module/preload-node-off-wrapper.js`,
webpreferences: 'sandbox=no',
src: `file://${fixtures}/api/blank.html` src: `file://${fixtures}/api/blank.html`
}); });
@ -288,6 +289,7 @@ describe('<webview> tag', function () {
it('works without script tag in page', async () => { it('works without script tag in page', async () => {
const message = await startLoadingWebViewAndWaitForMessage(webview, { const message = await startLoadingWebViewAndWaitForMessage(webview, {
preload: `${fixtures}/module/preload.js`, preload: `${fixtures}/module/preload.js`,
webpreferences: 'sandbox=no',
src: `file://${fixtures}pages/base-page.html` src: `file://${fixtures}pages/base-page.html`
}); });
@ -303,6 +305,7 @@ describe('<webview> tag', function () {
it('resolves relative URLs', async () => { it('resolves relative URLs', async () => {
const message = await startLoadingWebViewAndWaitForMessage(webview, { const message = await startLoadingWebViewAndWaitForMessage(webview, {
preload: '../fixtures/module/preload.js', preload: '../fixtures/module/preload.js',
webpreferences: 'sandbox=no',
src: `file://${fixtures}/pages/e.html` src: `file://${fixtures}/pages/e.html`
}); });
@ -390,6 +393,7 @@ describe('<webview> tag', function () {
const message = await startLoadingWebViewAndWaitForMessage(webview, { const message = await startLoadingWebViewAndWaitForMessage(webview, {
disablewebsecurity: '', disablewebsecurity: '',
preload: `${fixtures}/module/preload.js`, preload: `${fixtures}/module/preload.js`,
webpreferences: 'sandbox=no',
src: `file://${fixtures}/pages/e.html` src: `file://${fixtures}/pages/e.html`
}); });