Merge pull request #7298 from deepak1556/content_settings_patch

protocol: disable storage for non standard custom schemes

atom/renderer/atom_renderer_client.cc

@@ -15,6 +15,7 @@
 #include "atom/common/node_bindings.h"
 #include "atom/common/options_switches.h"
 #include "atom/renderer/atom_render_view_observer.h"
+#include "atom/renderer/content_settings_observer.h"
 #include "atom/renderer/guest_view_container.h"
 #include "atom/renderer/node_array_buffer_bridge.h"
 #include "atom/renderer/preferences_manager.h"
@@ -176,6 +177,7 @@ void AtomRendererClient::RenderFrameCreated(
     content::RenderFrame* render_frame) {
   new PepperHelper(render_frame);
   new AtomRenderFrameObserver(render_frame, this);
+  new ContentSettingsObserver(render_frame);
 
   // Allow file scheme to handle service worker by default.
   // FIXME(zcbenz): Can this be moved elsewhere?

atom/renderer/content_settings_observer.cc

@@ -0,0 +1,65 @@
+// Copyright (c) 2016 GitHub, Inc.
+// Use of this source code is governed by the MIT license that can be
+// found in the LICENSE file.
+
+#include "atom/renderer/content_settings_observer.h"
+
+#include "content/public/renderer/render_frame.h"
+#include "third_party/WebKit/public/platform/URLConversion.h"
+#include "third_party/WebKit/public/platform/WebSecurityOrigin.h"
+#include "third_party/WebKit/public/web/WebLocalFrame.h"
+
+namespace atom {
+
+ContentSettingsObserver::ContentSettingsObserver(
+    content::RenderFrame* render_frame)
+    : content::RenderFrameObserver(render_frame) {
+  render_frame->GetWebFrame()->setContentSettingsClient(this);
+}
+
+ContentSettingsObserver::~ContentSettingsObserver() {
+}
+
+bool ContentSettingsObserver::allowDatabase(
+    const blink::WebString& name,
+    const blink::WebString& display_name,
+    unsigned estimated_size) {
+  blink::WebFrame* frame = render_frame()->GetWebFrame();
+  if (frame->getSecurityOrigin().isUnique() ||
+      frame->top()->getSecurityOrigin().isUnique())
+    return false;
+  auto origin = blink::WebStringToGURL(frame->getSecurityOrigin().toString());
+  if (!origin.IsStandard())
+    return false;
+  return true;
+}
+
+bool ContentSettingsObserver::allowStorage(bool local) {
+  blink::WebFrame* frame = render_frame()->GetWebFrame();
+  if (frame->getSecurityOrigin().isUnique() ||
+      frame->top()->getSecurityOrigin().isUnique())
+    return false;
+  auto origin = blink::WebStringToGURL(frame->getSecurityOrigin().toString());
+  if (!origin.IsStandard())
+    return false;
+  return true;
+}
+
+bool ContentSettingsObserver::allowIndexedDB(
+    const blink::WebString& name,
+    const blink::WebSecurityOrigin& security_origin) {
+  blink::WebFrame* frame = render_frame()->GetWebFrame();
+  if (frame->getSecurityOrigin().isUnique() ||
+      frame->top()->getSecurityOrigin().isUnique())
+    return false;
+  auto origin = blink::WebStringToGURL(frame->getSecurityOrigin().toString());
+  if (!origin.IsStandard())
+    return false;
+  return true;
+}
+
+void ContentSettingsObserver::OnDestruct() {
+  delete this;
+}
+
+}  // namespace atom

atom/renderer/content_settings_observer.h

@@ -0,0 +1,37 @@
+// Copyright (c) 2016 GitHub, Inc.
+// Use of this source code is governed by the MIT license that can be
+// found in the LICENSE file.
+
+#ifndef ATOM_RENDERER_CONTENT_SETTINGS_OBSERVER_H_
+#define ATOM_RENDERER_CONTENT_SETTINGS_OBSERVER_H_
+
+#include "base/compiler_specific.h"
+#include "content/public/renderer/render_frame_observer.h"
+#include "third_party/WebKit/public/web/WebContentSettingsClient.h"
+
+namespace atom {
+
+class ContentSettingsObserver : public content::RenderFrameObserver,
+                                public blink::WebContentSettingsClient {
+ public:
+  explicit ContentSettingsObserver(content::RenderFrame* render_frame);
+  ~ContentSettingsObserver() override;
+
+  // blink::WebContentSettingsClient implementation.
+  bool allowDatabase(const blink::WebString& name,
+                     const blink::WebString& display_name,
+                     unsigned estimated_size) override;
+  bool allowStorage(bool local) override;
+  bool allowIndexedDB(const blink::WebString& name,
+                      const blink::WebSecurityOrigin& security_origin) override;
+
+ private:
+  // content::RenderFrameObserver implementation.
+  void OnDestruct() override;
+
+  DISALLOW_COPY_AND_ASSIGN(ContentSettingsObserver);
+};
+
+}  // namespace atom
+
+#endif  // ATOM_RENDERER_CONTENT_SETTINGS_OBSERVER_H_

docs/api/protocol.md

@@ -50,8 +50,11 @@ non-standard schemes can not recognize relative URLs:
 
 Registering a scheme as standard will allow access to files through the
 [FileSystem API][file-system-api]. Otherwise the renderer will throw a security
-error for the scheme. So in general if you want to register a custom protocol to
+error for the scheme.
-replace the `http` protocol, you have to register it as a standard scheme:
+
+By default web storage apis (localStorage, sessionStorage, webSQL, indexedDB, cookies)
+are disabled for non standard schemes. So in general if you want to register a
+custom protocol to replace the `http` protocol, you have to register it as a standard scheme:
 
 ```javascript
 const {app, protocol} = require('electron')

filenames.gypi

@@ -433,6 +433,8 @@
       'atom/renderer/atom_render_view_observer.h',
       'atom/renderer/atom_renderer_client.cc',
       'atom/renderer/atom_renderer_client.h',
+      'atom/renderer/content_settings_observer.cc',
+      'atom/renderer/content_settings_observer.h',
       'atom/renderer/guest_view_container.cc',
       'atom/renderer/guest_view_container.h',
       'atom/renderer/node_array_buffer_bridge.cc',

spec/chromium-spec.js

@@ -5,7 +5,7 @@ const ws = require('ws')
 const url = require('url')
 const remote = require('electron').remote
 
-const {BrowserWindow, session, webContents} = remote
+const {BrowserWindow, ipcMain, protocol, session, webContents} = remote
 
 const isCI = remote.getGlobal('isCi')
 
@@ -442,6 +442,88 @@ describe('chromium feature', function () {
         done()
       })
     })
+
+    describe('custom non standard schemes', function () {
+      const protocolName = 'storage'
+      let contents = null
+      before(function (done) {
+        const handler = function (request, callback) {
+          let parsedUrl = url.parse(request.url)
+          let filename
+          switch (parsedUrl.pathname) {
+            case '/localStorage' : filename = 'local_storage.html'; break
+            case '/sessionStorage' : filename = 'session_storage.html'; break
+            case '/WebSQL' : filename = 'web_sql.html'; break
+            case '/indexedDB' : filename = 'indexed_db.html'; break
+            case '/cookie' : filename = 'cookie.html'; break
+            default : filename = ''
+          }
+          callback({path: fixtures + '/pages/storage/' + filename})
+        }
+        protocol.registerFileProtocol(protocolName, handler, function (error) {
+          done(error)
+        })
+      })
+
+      after(function (done) {
+        protocol.unregisterProtocol(protocolName, () => done())
+      })
+
+      beforeEach(function () {
+        contents = webContents.create({})
+      })
+
+      afterEach(function () {
+        contents.destroy()
+        contents = null
+      })
+
+      it('cannot access localStorage', function (done) {
+        ipcMain.once('local-storage-response', function (event, error) {
+          assert.equal(
+            error,
+            'Failed to read the \'localStorage\' property from \'Window\': Access is denied for this document.')
+          done()
+        })
+        contents.loadURL(protocolName + '://host/localStorage')
+      })
+
+      it('cannot access sessionStorage', function (done) {
+        ipcMain.once('session-storage-response', function (event, error) {
+          assert.equal(
+            error,
+            'Failed to read the \'sessionStorage\' property from \'Window\': Access is denied for this document.')
+          done()
+        })
+        contents.loadURL(protocolName + '://host/sessionStorage')
+      })
+
+      it('cannot access WebSQL database', function (done) {
+        ipcMain.once('web-sql-response', function (event, error) {
+          assert.equal(
+            error,
+            'An attempt was made to break through the security policy of the user agent.')
+          done()
+        })
+        contents.loadURL(protocolName + '://host/WebSQL')
+      })
+
+      it('cannot access indexedDB', function (done) {
+        ipcMain.once('indexed-db-response', function (event, error) {
+          assert.equal(error, 'The user denied permission to access the database.')
+          done()
+        })
+        contents.loadURL(protocolName + '://host/indexedDB')
+      })
+
+      it('cannot access cookie', function (done) {
+        ipcMain.once('cookie-response', function (event, cookie) {
+          assert(!cookie)
+          done()
+        })
+        contents.loadURL(protocolName + '://host/cookie')
+      })
+    })
   })
 
   describe('websockets', function () {

spec/fixtures/pages/storage/cookie.html

@@ -0,0 +1,5 @@
+<script>
+  const {ipcRenderer} = require('electron')
+  document.cookie = "test=123"
+  ipcRenderer.send('cookie-response', document.cookie)
+</script>

spec/fixtures/pages/storage/indexed_db.html

@@ -0,0 +1,7 @@
+<script>
+  let req = window.indexedDB.open('test')
+  req.onerror = function (event) {
+    const {ipcRenderer} = require('electron')
+    ipcRenderer.send('indexed-db-response', event.target.error.message)
+  }
+</script>

spec/fixtures/pages/storage/local_storage.html

@@ -0,0 +1,8 @@
+<script>
+  try {
+    window.localStorage
+  } catch (e) {
+    const {ipcRenderer} = require('electron')
+    ipcRenderer.send('local-storage-response', e.message)
+  }
+</script>

spec/fixtures/pages/storage/session_storage.html

@@ -0,0 +1,8 @@
+<script>
+  try {
+    window.sessionStorage
+  } catch (e) {
+    const {ipcRenderer} = require('electron')
+    ipcRenderer.send('session-storage-response', e.message)
+  }
+</script>

spec/fixtures/pages/storage/web_sql.html

@@ -0,0 +1,8 @@
+<script>
+  try {
+    window.openDatabase('test', '1.0', 'test database', 65536)
+  } catch (e) {
+    const {ipcRenderer} = require('electron')
+    ipcRenderer.send('web-sql-response', e.message)
+  }
+</script>