fix: illegal access errors with nodeIntegrationInSubFrames (#29093)
parent
4073599f59
commit
b7a23450b7
6 changed files with 104 additions and 4 deletions
|
@ -79,6 +79,7 @@ void ElectronRenderFrameObserver::DidInstallConditionalFeatures(
|
|||
bool is_main_world = IsMainWorld(world_id);
|
||||
bool is_main_frame = render_frame_->IsMainFrame();
|
||||
bool allow_node_in_sub_frames = prefs.node_integration_in_sub_frames;
|
||||
|
||||
bool should_create_isolated_context =
|
||||
use_context_isolation && is_main_world &&
|
||||
(is_main_frame || allow_node_in_sub_frames);
|
||||
|
@ -157,12 +158,24 @@ bool ElectronRenderFrameObserver::IsIsolatedWorld(int world_id) {
|
|||
|
||||
bool ElectronRenderFrameObserver::ShouldNotifyClient(int world_id) {
|
||||
auto prefs = render_frame_->GetBlinkPreferences();
|
||||
|
||||
// This is necessary because if an iframe is created and a source is not
|
||||
// set, the iframe loads about:blank and creates a script context for the
|
||||
// same. We don't want to create a Node.js environment here because if the src
|
||||
// is later set, the JS necessary to do that triggers illegal access errors
|
||||
// when the initial about:blank Node.js environment is cleaned up. See:
|
||||
// https://source.chromium.org/chromium/chromium/src/+/main:content/renderer/render_frame_impl.h;l=870-892;drc=4b6001440a18740b76a1c63fa2a002cc941db394
|
||||
GURL url = render_frame_->GetWebFrame()->GetDocument().Url();
|
||||
bool allow_node_in_sub_frames = prefs.node_integration_in_sub_frames;
|
||||
if (allow_node_in_sub_frames && url.IsAboutBlank() &&
|
||||
!render_frame_->IsMainFrame())
|
||||
return false;
|
||||
|
||||
if (prefs.context_isolation &&
|
||||
(render_frame_->IsMainFrame() || allow_node_in_sub_frames))
|
||||
return IsIsolatedWorld(world_id);
|
||||
else
|
||||
return IsMainWorld(world_id);
|
||||
|
||||
return IsMainWorld(world_id);
|
||||
}
|
||||
|
||||
} // namespace electron
|
||||
|
|
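Review bot: The new early return in `ShouldNotifyClient` tests `url.IsAboutBlank()` for every non-main frame, which is broader than the "source not set yet" case the comment describes. As far as these lines show, a subframe that deliberately stays on about:blank and is filled in by its parent would also never have the client notified, so any preload code an app relies on to set up or restrict that frame would presumably not run there. The comment should say this explicitly, for example `// Note: this also skips subframes that remain on about:blank; no preload or Node.js environment is set up for them.` In the first hunk, `should_create_isolated_context` uses `allow_node_in_sub_frames` without the about:blank test (the body of `DidInstallConditionalFeatures` continues outside the hunk), so it is worth confirming that an isolated world is not created for a frame whose client is never notified. A test for an iframe that stays on about:blank would pin the intended behaviour.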