Merge pull request #934 from atom/webview-websecurity

Add "disablewebsecurity" attribute for <webview>
This commit is contained in:
Cheng Zhao 2014-12-18 11:21:04 -08:00
commit 48b0d85f54
12 changed files with 62 additions and 4 deletions

View file

@ -274,6 +274,9 @@ void WebContents::Destroy() {
if (!destruction_callback_.is_null())
destruction_callback_.Run();
// When force destroying the "destroyed" event is not emitted.
WebContentsDestroyed();
Observe(nullptr);
storage_.reset();
}

View file

@ -96,6 +96,14 @@ void AtomBrowserClient::OverrideWebkitPrefs(
return;
}
// Custom preferences of guest page.
int guest_process_id = render_view_host->GetProcess()->GetID();
WebViewRendererState::WebViewInfo info;
if (WebViewRendererState::GetInstance()->GetInfo(guest_process_id, &info)) {
prefs->web_security_enabled = !info.disable_web_security;
return;
}
NativeWindow* window = NativeWindow::FromRenderView(
render_view_host->GetProcess()->GetID(),
render_view_host->GetRoutingID());

View file

@ -40,8 +40,9 @@ createGuest = (embedder, params) ->
destroyEvents = ['destroyed', 'crashed', 'did-navigate-to-different-page']
destroy = ->
destroyGuest id if guestInstances[id]?
embedder.removeListener event, destroy for event in destroyEvents
embedder.once event, destroy for event in destroyEvents
guest.once 'destroyed', ->
embedder.removeListener event, destroy for event in destroyEvents
# Init guest web view after attached.
guest.once 'did-attach', ->
@ -93,6 +94,7 @@ attachGuest = (embedder, elementInstanceId, guestInstanceId, params) ->
webViewManager.addGuest guestInstanceId, elementInstanceId, embedder, guest,
nodeIntegration: params.nodeintegration
plugins: params.plugins
disableWebSecurity: params.disablewebsecurity
preloadUrl: params.preload ? ''
guest.attachParams = params

View file

@ -41,7 +41,8 @@ struct Converter<atom::WebViewManager::WebViewOptions> {
return false;
return options.Get("nodeIntegration", &(out->node_integration)) &&
options.Get("plugins", &(out->plugins)) &&
options.Get("preloadUrl", &(out->preload_url));
options.Get("preloadUrl", &(out->preload_url)) &&
options.Get("disableWebSecurity", &(out->disable_web_security));
}
};
@ -63,7 +64,10 @@ void WebViewManager::AddGuest(int guest_instance_id,
web_contents_map_[guest_instance_id] = { web_contents, embedder };
WebViewRendererState::WebViewInfo web_view_info = {
guest_instance_id, options.node_integration, options.plugins
guest_instance_id,
options.node_integration,
options.plugins,
options.disable_web_security,
};
net::FileURLToFilePath(options.preload_url, &web_view_info.preload_script);
content::BrowserThread::PostTask(

View file

@ -24,6 +24,7 @@ class WebViewManager : public content::BrowserPluginGuestManager {
struct WebViewOptions {
bool node_integration;
bool plugins;
bool disable_web_security;
GURL preload_url;
};

View file

@ -24,6 +24,7 @@ class WebViewRendererState {
int guest_instance_id;
bool node_integration;
bool plugins;
bool disable_web_security;
base::FilePath preload_script;
};

View file

@ -195,6 +195,7 @@ WebViewImpl::setupWebViewAttributes = ->
@attributes[webViewConstants.ATTRIBUTE_HTTPREFERRER] = new HttpReferrerAttribute(this)
@attributes[webViewConstants.ATTRIBUTE_NODEINTEGRATION] = new BooleanAttribute(webViewConstants.ATTRIBUTE_NODEINTEGRATION, this)
@attributes[webViewConstants.ATTRIBUTE_PLUGINS] = new BooleanAttribute(webViewConstants.ATTRIBUTE_PLUGINS, this)
@attributes[webViewConstants.ATTRIBUTE_DISABLEWEBSECURITY] = new BooleanAttribute(webViewConstants.ATTRIBUTE_DISABLEWEBSECURITY, this)
@attributes[webViewConstants.ATTRIBUTE_PRELOAD] = new PreloadAttribute(this)
autosizeAttributes = [

View file

@ -12,6 +12,7 @@ module.exports =
ATTRIBUTE_HTTPREFERRER: 'httpreferrer'
ATTRIBUTE_NODEINTEGRATION: 'nodeintegration'
ATTRIBUTE_PLUGINS: 'plugins'
ATTRIBUTE_DISABLEWEBSECURITY: 'disablewebsecurity'
ATTRIBUTE_PRELOAD: 'preload'
# Internal attribute.

View file

@ -50,7 +50,6 @@ class WebViewImpl
# heard back from createGuest yet. We will not reset the flag in this case so
# that we don't end up allocating a second guest.
if @guestInstanceId
# FIXME
guestViewInternal.destroyGuest @guestInstanceId
@guestInstanceId = undefined
@beforeFirstNavigation = true

View file

@ -112,6 +112,14 @@ after this script has done execution.
Sets the referrer URL for the guest page.
### disablewebsecurity
```html
<webview src="https://www.github.com/" disablewebsecurity></webview>
```
If "on", the guest page will have web security disabled.
## Methods
### `<webview>`.getUrl()

BIN
spec/fixtures/assets/logo.png vendored Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 14 KiB

View file

@ -70,6 +70,36 @@ describe '<webview> tag', ->
webview.src = "file://#{fixtures}/pages/referrer.html"
document.body.appendChild webview
describe 'disablewebsecurity attribute', ->
it 'does not disable web security when not set', (done) ->
src = "
<script src='file://#{__dirname}/static/jquery-2.0.3.min.js'></script>
<script>console.log('ok');</script>
"
encoded = btoa(unescape(encodeURIComponent(src)))
listener = (e) ->
assert /Not allowed to load local resource/.test(e.message)
webview.removeEventListener 'console-message', listener
done()
webview.addEventListener 'console-message', listener
webview.src = "data:text/html;base64,#{encoded}"
document.body.appendChild webview
it 'disables web security when set', (done) ->
src = "
<script src='file://#{__dirname}/static/jquery-2.0.3.min.js'></script>
<script>console.log('ok');</script>
"
encoded = btoa(unescape(encodeURIComponent(src)))
listener = (e) ->
assert.equal e.message, 'ok'
webview.removeEventListener 'console-message', listener
done()
webview.addEventListener 'console-message', listener
webview.setAttribute 'disablewebsecurity', ''
webview.src = "data:text/html;base64,#{encoded}"
document.body.appendChild webview
describe 'new-window event', ->
it 'emits when window.open is called', (done) ->
webview.addEventListener 'new-window', (e) ->