mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

refactor: port window.open and window.opener to use ctx bridge instead of hole punching (#23235)

Browse source 
* refactor: port window.open and window.opener to use ctx bridge instead of hole punching

* refactor: only run the isolated init bundle when webview is enabled
This commit is contained in:
Samuel Attard 2020-04-27 12:46:04 -07:00 committed by GitHub
parent c68589f212
commit abe5cf398c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 178 additions and 85 deletions
Download patch file Download diff file Expand all files Collapse all files

5
lib/browser/api/web-contents.js
View file

@ -548,6 +548,11 @@ WebContents.prototype._init = function () {
internalWindowOpen(event, url, referrer, frameName, disposition, mergedOptions, additionalFeatures, postData);
});
const prefs = this.getWebPreferences() || {};
if (prefs.webviewTag && prefs.contextIsolation) {
electron.deprecate.log('Security Warning: A WebContents was just created with both webviewTag and contextIsolation enabled. This combination is fundamentally less secure and effectively bypasses the protections of contextIsolation. We strongly recommend you move away from webviews to OOPIF or BrowserView in order for your app to be more secure');
}
}
this.on('login', (event, ...args) => {