security: only handle related IPCs when <webview> tag is enabled (#15859)

* refactor: move guest-view-manager related IPC handling out of rpc-server

* feat: only handle related IPCs when <webview> tag is enabled

lib/browser/guest-view-manager.js

@@ -3,6 +3,7 @@
 const { webContents } = require('electron')
 const ipcMain = require('@electron/internal/browser/ipc-main-internal')
 const parseFeaturesString = require('@electron/internal/common/parse-features-string')
+const errorUtils = require('@electron/internal/common/error-utils')
 
 // Doesn't exist in early initialization.
 let webViewManager = null
@@ -319,29 +320,82 @@ const watchEmbedder = function (embedder) {
   })
 }
 
-ipcMain.on('ELECTRON_GUEST_VIEW_MANAGER_CREATE_GUEST', function (event, params, requestId) {
+const isWebViewTagEnabledCache = new WeakMap()
+
+const isWebViewTagEnabled = function (contents) {
+  if (!isWebViewTagEnabledCache.has(contents)) {
+    const value = contents.getLastWebPreferences().webviewTag
+    isWebViewTagEnabledCache.set(contents, value)
+  }
+
+  return isWebViewTagEnabledCache.get(contents)
+}
+
+const handleMessage = function (channel, handler) {
+  ipcMain.on(channel, (event, ...args) => {
+    if (isWebViewTagEnabled(event.sender)) {
+      handler(event, ...args)
+    } else {
+      event.returnValue = null
+    }
+  })
+}
+
+handleMessage('ELECTRON_GUEST_VIEW_MANAGER_CREATE_GUEST', function (event, params, requestId) {
   event.sender._sendInternal(`ELECTRON_RESPONSE_${requestId}`, createGuest(event.sender, params))
 })
 
-ipcMain.on('ELECTRON_GUEST_VIEW_MANAGER_CREATE_GUEST_SYNC', function (event, params) {
+handleMessage('ELECTRON_GUEST_VIEW_MANAGER_CREATE_GUEST_SYNC', function (event, params) {
   event.returnValue = createGuest(event.sender, params)
 })
 
-ipcMain.on('ELECTRON_GUEST_VIEW_MANAGER_DESTROY_GUEST', function (event, guestInstanceId) {
+handleMessage('ELECTRON_GUEST_VIEW_MANAGER_DESTROY_GUEST', function (event, guestInstanceId) {
   const guest = getGuest(guestInstanceId)
   if (guest) {
     guest.destroy()
   }
 })
 
-ipcMain.on('ELECTRON_GUEST_VIEW_MANAGER_ATTACH_GUEST', function (event, embedderFrameId, elementInstanceId, guestInstanceId, params) {
+handleMessage('ELECTRON_GUEST_VIEW_MANAGER_ATTACH_GUEST', function (event, embedderFrameId, elementInstanceId, guestInstanceId, params) {
   attachGuest(event, embedderFrameId, elementInstanceId, guestInstanceId, params)
 })
 
-ipcMain.on('ELECTRON_GUEST_VIEW_MANAGER_FOCUS_CHANGE', function (event, focus, guestInstanceId) {
+handleMessage('ELECTRON_GUEST_VIEW_MANAGER_FOCUS_CHANGE', function (event, focus, guestInstanceId) {
   event.sender.emit('focus-change', {}, focus, guestInstanceId)
 })
 
+handleMessage('ELECTRON_GUEST_VIEW_MANAGER_ASYNC_CALL', function (event, requestId, guestInstanceId, method, args, hasCallback) {
+  new Promise(resolve => {
+    const guest = getGuest(guestInstanceId)
+    if (guest.hostWebContents !== event.sender) {
+      throw new Error('Access denied')
+    }
+    if (hasCallback) {
+      guest[method](...args, resolve)
+    } else {
+      resolve(guest[method](...args))
+    }
+  }).then(result => {
+    return [null, result]
+  }, error => {
+    return [errorUtils.serialize(error)]
+  }).then(responseArgs => {
+    event.sender._sendInternal(`ELECTRON_GUEST_VIEW_MANAGER_ASYNC_CALL_RESPONSE_${requestId}`, ...responseArgs)
+  })
+})
+
+handleMessage('ELECTRON_GUEST_VIEW_MANAGER_SYNC_CALL', function (event, guestInstanceId, method, args) {
+  try {
+    const guest = getGuest(guestInstanceId)
+    if (guest.hostWebContents !== event.sender) {
+      throw new Error('Access denied')
+    }
+    event.returnValue = [null, guest[method].apply(guest, args)]
+  } catch (error) {
+    event.returnValue = [errorUtils.serialize(error)]
+  }
+})
+
 // Returns WebContents from its guest id.
 const getGuest = function (guestInstanceId) {
   const guestInstance = guestInstances[guestInstanceId]