mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

Don't pass preloadPath via ELECTRON_BROWSER_SANDBOX_LOAD for security reasons (#13031) (#14026)

Browse source
This commit is contained in:
Milan Burda 2018-08-11 19:53:33 +02:00 committed by Charles Kerr
parent fb2afe8656
commit b5bfd9867b
8 changed files with 55 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

39
atom/browser/web_contents_preferences.cc
View file

@ -109,6 +109,30 @@ void WebContentsPreferences::Merge(const base::DictionaryValue& extend) {
dict_.MergeDictionary(&extend);
}
bool WebContentsPreferences::GetPreloadPath(
base::FilePath::StringType* path) const {
DCHECK(path);
base::FilePath::StringType preload;
if (dict_.GetString(options::kPreloadScript, &preload)) {
if (base::FilePath(preload).IsAbsolute()) {
*path = std::move(preload);
return true;
} else {
LOG(ERROR) << "preload script must have absolute path.";
}
} else if (dict_.GetString(options::kPreloadURL, &preload)) {
// Translate to file path if there is "preload-url" option.
base::FilePath preload_path;
if (net::FileURLToFilePath(GURL(preload), &preload_path)) {
*path = std::move(preload_path.value());
return true;
} else {
LOG(ERROR) << "preload url must be file:// protocol.";
}
}
return false;
}
// static
content::WebContents* WebContentsPreferences::GetWebContentsFromProcessID(
int process_id) {
@ -171,19 +195,8 @@ void WebContentsPreferences::AppendCommandLineSwitches(
// The preload script.
base::FilePath::StringType preload;
if (dict_.GetString(options::kPreloadScript, &preload)) {
if (base::FilePath(preload).IsAbsolute())
command_line->AppendSwitchNative(switches::kPreloadScript, preload);
else
LOG(ERROR) << "preload script must have absolute path.";
} else if (dict_.GetString(options::kPreloadURL, &preload)) {
// Translate to file path if there is "preload-url" option.
base::FilePath preload_path;
if (net::FileURLToFilePath(GURL(preload), &preload_path))
command_line->AppendSwitchPath(switches::kPreloadScript, preload_path);
else
LOG(ERROR) << "preload url must be file:// protocol.";
}
if (GetPreloadPath(&preload))
command_line->AppendSwitchNative(switches::kPreloadScript, preload);
// Custom args for renderer process
base::Value* customArgs;