mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

fix: webFrame spell checker APIs crashing in sandboxed renderers (#29053)

Browse source
This commit is contained in:
Milan Burda 2021-05-10 14:19:23 +02:00 committed by GitHub
parent 1336978de9
commit aea8d5325c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 187 additions and 176 deletions
Download patch file Download diff file Expand all files Collapse all files

4
shell/renderer/api/electron_api_web_frame.cc
View file

@ -33,7 +33,7 @@
#include "shell/renderer/api/context_bridge/object_cache.h" #include "shell/renderer/api/context_bridge/object_cache.h"
#include "shell/renderer/api/electron_api_context_bridge.h" #include "shell/renderer/api/electron_api_context_bridge.h"
#include "shell/renderer/api/electron_api_spell_check_client.h" #include "shell/renderer/api/electron_api_spell_check_client.h"
#include "shell/renderer/electron_renderer_client.h" #include "shell/renderer/renderer_client_base.h"
#include "third_party/blink/public/common/browser_interface_broker_proxy.h" #include "third_party/blink/public/common/browser_interface_broker_proxy.h"
#include "third_party/blink/public/common/page/page_zoom.h" #include "third_party/blink/public/common/page/page_zoom.h"
#include "third_party/blink/public/common/web_cache/web_cache_resource_type_stats.h" #include "third_party/blink/public/common/web_cache/web_cache_resource_type_stats.h"
@ -121,7 +121,7 @@ bool SpellCheckWord(content::RenderFrame* render_frame,
size_t start; size_t start;
size_t length; size_t length;
ElectronRendererClient* client = ElectronRendererClient::Get(); RendererClientBase* client = RendererClientBase::Get();
std::u16string w = base::UTF8ToUTF16(word); std::u16string w = base::UTF8ToUTF16(word);
int id = render_frame->GetRoutingID(); int id = render_frame->GetRoutingID();

14
shell/renderer/electron_renderer_client.cc
View file

@ -35,27 +35,15 @@ bool IsDevToolsExtension(content::RenderFrame* render_frame) {
} // namespace } // namespace
// static
ElectronRendererClient* ElectronRendererClient::self_ = nullptr;
ElectronRendererClient::ElectronRendererClient() ElectronRendererClient::ElectronRendererClient()
: node_bindings_( : node_bindings_(
NodeBindings::Create(NodeBindings::BrowserEnvironment::kRenderer)), NodeBindings::Create(NodeBindings::BrowserEnvironment::kRenderer)),
electron_bindings_(new ElectronBindings(node_bindings_->uv_loop())) { electron_bindings_(new ElectronBindings(node_bindings_->uv_loop())) {}
DCHECK(!self_) << "Cannot have two ElectronRendererClient";
self_ = this;
}
ElectronRendererClient::~ElectronRendererClient() { ElectronRendererClient::~ElectronRendererClient() {
asar::ClearArchives(); asar::ClearArchives();
} }
// static
ElectronRendererClient* ElectronRendererClient::Get() {
DCHECK(self_);
return self_;
}
void ElectronRendererClient::RenderFrameCreated( void ElectronRendererClient::RenderFrameCreated(
content::RenderFrame* render_frame) { content::RenderFrame* render_frame) {
new ElectronRenderFrameObserver(render_frame, this); new ElectronRenderFrameObserver(render_frame, this);

4
shell/renderer/electron_renderer_client.h
View file

@ -26,8 +26,6 @@ class ElectronRendererClient : public RendererClientBase {
ElectronRendererClient(); ElectronRendererClient();
~ElectronRendererClient() override; ~ElectronRendererClient() override;
static ElectronRendererClient* Get();
// electron::RendererClientBase: // electron::RendererClientBase:
void DidCreateScriptContext(v8::Handle<v8::Context> context, void DidCreateScriptContext(v8::Handle<v8::Context> context,
content::RenderFrame* render_frame) override; content::RenderFrame* render_frame) override;
@ -68,8 +66,6 @@ class ElectronRendererClient : public RendererClientBase {
// assertion, so we have to keep a book of injected web frames. // assertion, so we have to keep a book of injected web frames.
std::set<content::RenderFrame*> injected_frames_; std::set<content::RenderFrame*> injected_frames_;
static ElectronRendererClient* self_;
DISALLOW_COPY_AND_ASSIGN(ElectronRendererClient); DISALLOW_COPY_AND_ASSIGN(ElectronRendererClient);
}; };

15
shell/renderer/renderer_client_base.cc
View file

@ -92,6 +92,9 @@ std::vector<std::string> ParseSchemesCLISwitch(base::CommandLine* command_line,
base::SPLIT_WANT_NONEMPTY); base::SPLIT_WANT_NONEMPTY);
} }
// static
RendererClientBase* g_renderer_client_base = nullptr;
} // namespace } // namespace
RendererClientBase::RendererClientBase() { RendererClientBase::RendererClientBase() {
@ -123,9 +126,13 @@ RendererClientBase::RendererClientBase() {
DCHECK(command_line->HasSwitch(::switches::kRendererClientId)); DCHECK(command_line->HasSwitch(::switches::kRendererClientId));
renderer_client_id_ = renderer_client_id_ =
command_line->GetSwitchValueASCII(::switches::kRendererClientId); command_line->GetSwitchValueASCII(::switches::kRendererClientId);
g_renderer_client_base = this;
} }
RendererClientBase::~RendererClientBase() = default; RendererClientBase::~RendererClientBase() {
g_renderer_client_base = nullptr;
}
void RendererClientBase::DidCreateScriptContext( void RendererClientBase::DidCreateScriptContext(
v8::Handle<v8::Context> context, v8::Handle<v8::Context> context,
@ -137,6 +144,12 @@ void RendererClientBase::DidCreateScriptContext(
global.SetHidden("contextId", context_id); global.SetHidden("contextId", context_id);
} }
// static
RendererClientBase* RendererClientBase::Get() {
DCHECK(g_renderer_client_base);
return g_renderer_client_base;
}
void RendererClientBase::BindProcess(v8::Isolate* isolate, void RendererClientBase::BindProcess(v8::Isolate* isolate,
gin_helper::Dictionary* process, gin_helper::Dictionary* process,
content::RenderFrame* render_frame) { content::RenderFrame* render_frame) {

2
shell/renderer/renderer_client_base.h
View file

@ -60,6 +60,8 @@ class RendererClientBase : public content::ContentRendererClient
RendererClientBase(); RendererClientBase();
~RendererClientBase() override; ~RendererClientBase() override;
static RendererClientBase* Get();
#if BUILDFLAG(ENABLE_BUILTIN_SPELLCHECKER) #if BUILDFLAG(ENABLE_BUILTIN_SPELLCHECKER)
// service_manager::LocalInterfaceProvider implementation. // service_manager::LocalInterfaceProvider implementation.
void GetInterface(const std::string& name, void GetInterface(const std::string& name,

19
spec-main/spellchecker-spec.ts
View file

@ -62,13 +62,19 @@ ifdescribe(features.isBuiltinSpellCheckerEnabled())('spellchecker', function ()
}); });
after(() => server.close()); after(() => server.close());
const fixtures = path.resolve(__dirname, '../spec/fixtures');
const preload = path.join(fixtures, 'module', 'preload-electron.js');
const generateSpecs = (description: string, sandbox: boolean) => {
describe(description, () => {
beforeEach(async () => { beforeEach(async () => {
w = new BrowserWindow({ w = new BrowserWindow({
show: false, show: false,
webPreferences: { webPreferences: {
nodeIntegration: true,
partition: `unique-spell-${Date.now()}`, partition: `unique-spell-${Date.now()}`,
contextIsolation: false contextIsolation: false,
preload,
sandbox
} }
}); });
w.webContents.session.setSpellCheckerDictionaryDownloadURL(`http://127.0.0.1:${(server.address() as AddressInfo).port}/`); w.webContents.session.setSpellCheckerDictionaryDownloadURL(`http://127.0.0.1:${(server.address() as AddressInfo).port}/`);
@ -115,7 +121,7 @@ ifdescribe(features.isBuiltinSpellCheckerEnabled())('spellchecker', function ()
await w.webContents.executeJavaScript('document.body.querySelector("textarea").focus()'); await w.webContents.executeJavaScript('document.body.querySelector("textarea").focus()');
await rightClickUntil((contextMenuParams) => contextMenuParams.misspelledWord.length > 0); await rightClickUntil((contextMenuParams) => contextMenuParams.misspelledWord.length > 0);
const callWebFrameFn = (expr: string) => w.webContents.executeJavaScript('require("electron").webFrame.' + expr); const callWebFrameFn = (expr: string) => w.webContents.executeJavaScript(`electron.webFrame.${expr}`);
expect(await callWebFrameFn('isWordMisspelled("typography")')).to.equal(false); expect(await callWebFrameFn('isWordMisspelled("typography")')).to.equal(false);
expect(await callWebFrameFn('isWordMisspelled("typograpy")')).to.equal(true); expect(await callWebFrameFn('isWordMisspelled("typograpy")')).to.equal(true);
@ -133,7 +139,7 @@ ifdescribe(features.isBuiltinSpellCheckerEnabled())('spellchecker', function ()
await w.webContents.executeJavaScript('document.body.querySelector("textarea").focus()'); await w.webContents.executeJavaScript('document.body.querySelector("textarea").focus()');
await rightClickUntil((contextMenuParams) => contextMenuParams.misspelledWord.length > 0); await rightClickUntil((contextMenuParams) => contextMenuParams.misspelledWord.length > 0);
const callWebFrameFn = (expr: string) => w.webContents.executeJavaScript('require("electron").webFrame.' + expr); const callWebFrameFn = (expr: string) => w.webContents.executeJavaScript(`electron.webFrame.${expr}`);
w.webContents.session.spellCheckerEnabled = false; w.webContents.session.spellCheckerEnabled = false;
v8Util.runUntilIdle(); v8Util.runUntilIdle();
@ -225,3 +231,8 @@ ifdescribe(features.isBuiltinSpellCheckerEnabled())('spellchecker', function ()
}); });
}); });
}); });
};
generateSpecs('without sandbox', false);
generateSpecs('with sandbox', true);
});

1
spec/fixtures/module/preload-electron.js vendored Normal file
View file

@ -0,0 +1 @@
window.electron = require('electron');