fix: <webview> not working with contextIsolation + sandbox (#16469)
This commit is contained in:
parent
a9ac75c1f9
commit
b965e54efc
8 changed files with 164 additions and 82 deletions
|
@ -202,6 +202,30 @@ void AtomSandboxedRendererClient::DidCreateScriptContext(
|
||||||
&preload_bundle_params, &preload_bundle_args, nullptr);
|
&preload_bundle_params, &preload_bundle_args, nullptr);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void AtomSandboxedRendererClient::SetupMainWorldOverrides(
|
||||||
|
v8::Handle<v8::Context> context,
|
||||||
|
content::RenderFrame* render_frame) {
|
||||||
|
// Setup window overrides in the main world context
|
||||||
|
// Wrap the bundle into a function that receives the isolatedWorld as
|
||||||
|
// an argument.
|
||||||
|
auto* isolate = context->GetIsolate();
|
||||||
|
|
||||||
|
mate::Dictionary process = mate::Dictionary::CreateEmpty(isolate);
|
||||||
|
process.SetMethod("binding", GetBinding);
|
||||||
|
|
||||||
|
std::vector<v8::Local<v8::String>> isolated_bundle_params = {
|
||||||
|
node::FIXED_ONE_BYTE_STRING(isolate, "nodeProcess"),
|
||||||
|
node::FIXED_ONE_BYTE_STRING(isolate, "isolatedWorld")};
|
||||||
|
|
||||||
|
std::vector<v8::Local<v8::Value>> isolated_bundle_args = {
|
||||||
|
process.GetHandle(),
|
||||||
|
GetContext(render_frame->GetWebFrame(), isolate)->Global()};
|
||||||
|
|
||||||
|
node::per_process::native_module_loader.CompileAndCall(
|
||||||
|
context, "electron/js2c/isolated_bundle", &isolated_bundle_params,
|
||||||
|
&isolated_bundle_args, nullptr);
|
||||||
|
}
|
||||||
|
|
||||||
void AtomSandboxedRendererClient::WillReleaseScriptContext(
|
void AtomSandboxedRendererClient::WillReleaseScriptContext(
|
||||||
v8::Handle<v8::Context> context,
|
v8::Handle<v8::Context> context,
|
||||||
content::RenderFrame* render_frame) {
|
content::RenderFrame* render_frame) {
|
||||||
|
|
|
@ -29,7 +29,7 @@ class AtomSandboxedRendererClient : public RendererClientBase {
|
||||||
void WillReleaseScriptContext(v8::Handle<v8::Context> context,
|
void WillReleaseScriptContext(v8::Handle<v8::Context> context,
|
||||||
content::RenderFrame* render_frame) override;
|
content::RenderFrame* render_frame) override;
|
||||||
void SetupMainWorldOverrides(v8::Handle<v8::Context> context,
|
void SetupMainWorldOverrides(v8::Handle<v8::Context> context,
|
||||||
content::RenderFrame* render_frame) override {}
|
content::RenderFrame* render_frame) override;
|
||||||
// content::ContentRendererClient:
|
// content::ContentRendererClient:
|
||||||
void RenderFrameCreated(content::RenderFrame*) override;
|
void RenderFrameCreated(content::RenderFrame*) override;
|
||||||
void RenderViewCreated(content::RenderView*) override;
|
void RenderViewCreated(content::RenderView*) override;
|
||||||
|
|
|
@ -74,6 +74,7 @@ filenames = {
|
||||||
"lib/renderer/web-view/web-view-constants.js",
|
"lib/renderer/web-view/web-view-constants.js",
|
||||||
"lib/renderer/web-view/web-view-element.js",
|
"lib/renderer/web-view/web-view-element.js",
|
||||||
"lib/renderer/web-view/web-view-impl.js",
|
"lib/renderer/web-view/web-view-impl.js",
|
||||||
|
"lib/renderer/web-view/web-view-init.js",
|
||||||
"lib/renderer/api/exports/electron.js",
|
"lib/renderer/api/exports/electron.js",
|
||||||
"lib/renderer/api/crash-reporter.js",
|
"lib/renderer/api/crash-reporter.js",
|
||||||
"lib/renderer/api/ipc-renderer.js",
|
"lib/renderer/api/ipc-renderer.js",
|
||||||
|
|
|
@ -2,11 +2,11 @@
|
||||||
|
|
||||||
/* global nodeProcess, isolatedWorld */
|
/* global nodeProcess, isolatedWorld */
|
||||||
|
|
||||||
// Note: Don't use "process", as it will be replaced by browserify's one.
|
const atomBinding = require('@electron/internal/common/atom-binding-setup')(nodeProcess.binding, 'renderer')
|
||||||
const v8Util = nodeProcess.atomBinding('v8_util')
|
|
||||||
|
|
||||||
const isolatedWorldArgs = v8Util.getHiddenValue(isolatedWorld, 'isolated-world-args')
|
const v8Util = atomBinding('v8_util')
|
||||||
const { webViewImpl, ipcRenderer, guestInstanceId, isHiddenPage, openerId, usesNativeWindowOpen } = isolatedWorldArgs
|
|
||||||
|
const webViewImpl = v8Util.getHiddenValue(isolatedWorld, 'web-view-impl')
|
||||||
|
|
||||||
if (webViewImpl) {
|
if (webViewImpl) {
|
||||||
// Must setup the WebView element in main world.
|
// Must setup the WebView element in main world.
|
||||||
|
@ -14,4 +14,9 @@ if (webViewImpl) {
|
||||||
setupWebView(v8Util, webViewImpl)
|
setupWebView(v8Util, webViewImpl)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const isolatedWorldArgs = v8Util.getHiddenValue(isolatedWorld, 'isolated-world-args')
|
||||||
|
|
||||||
|
if (isolatedWorldArgs) {
|
||||||
|
const { ipcRenderer, guestInstanceId, isHiddenPage, openerId, usesNativeWindowOpen } = isolatedWorldArgs
|
||||||
require('@electron/internal/renderer/window-setup')(ipcRenderer, guestInstanceId, openerId, isHiddenPage, usesNativeWindowOpen)
|
require('@electron/internal/renderer/window-setup')(ipcRenderer, guestInstanceId, openerId, isHiddenPage, usesNativeWindowOpen)
|
||||||
|
}
|
||||||
|
|
|
@ -58,32 +58,28 @@ if (preloadScript) {
|
||||||
preloadScripts.push(preloadScript)
|
preloadScripts.push(preloadScript)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (window.location.protocol === 'chrome-devtools:') {
|
switch (window.location.protocol) {
|
||||||
|
case 'chrome-devtools:': {
|
||||||
// Override some inspector APIs.
|
// Override some inspector APIs.
|
||||||
require('@electron/internal/renderer/inspector')
|
require('@electron/internal/renderer/inspector')
|
||||||
} else if (window.location.protocol === 'chrome-extension:') {
|
break
|
||||||
// Add implementations of chrome API.
|
}
|
||||||
|
case 'chrome-extension:': {
|
||||||
|
// Inject the chrome.* APIs that chrome extensions require
|
||||||
require('@electron/internal/renderer/chrome-api').injectTo(window.location.hostname, isBackgroundPage, window)
|
require('@electron/internal/renderer/chrome-api').injectTo(window.location.hostname, isBackgroundPage, window)
|
||||||
} else if (window.location.protocol === 'chrome:') {
|
break
|
||||||
// Disable node integration for chrome UI scheme.
|
}
|
||||||
} else {
|
default: {
|
||||||
// Override default web functions.
|
// Override default web functions.
|
||||||
require('@electron/internal/renderer/window-setup')(ipcRenderer, guestInstanceId, openerId, isHiddenPage, usesNativeWindowOpen)
|
require('@electron/internal/renderer/window-setup')(ipcRenderer, guestInstanceId, openerId, isHiddenPage, usesNativeWindowOpen)
|
||||||
|
|
||||||
// Inject content scripts.
|
// Inject content scripts.
|
||||||
require('@electron/internal/renderer/content-scripts-injector')
|
require('@electron/internal/renderer/content-scripts-injector')
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Load webview tag implementation.
|
// Load webview tag implementation.
|
||||||
if (webviewTag && guestInstanceId == null) {
|
require('@electron/internal/renderer/web-view/web-view-init')(contextIsolation, webviewTag, guestInstanceId)
|
||||||
const webViewImpl = require('@electron/internal/renderer/web-view/web-view-impl')
|
|
||||||
if (contextIsolation) {
|
|
||||||
Object.assign(isolatedWorldArgs, { webViewImpl })
|
|
||||||
} else {
|
|
||||||
const { setupWebView } = require('@electron/internal/renderer/web-view/web-view-element')
|
|
||||||
setupWebView(v8Util, webViewImpl)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Pass the arguments to isolatedWorld.
|
// Pass the arguments to isolatedWorld.
|
||||||
if (contextIsolation) {
|
if (contextIsolation) {
|
||||||
|
@ -163,15 +159,3 @@ for (const preloadScript of preloadScripts) {
|
||||||
|
|
||||||
// Warn about security issues
|
// Warn about security issues
|
||||||
require('@electron/internal/renderer/security-warnings')(nodeIntegration)
|
require('@electron/internal/renderer/security-warnings')(nodeIntegration)
|
||||||
|
|
||||||
// Report focus/blur events of webview to browser.
|
|
||||||
// Note that while Chromium content APIs have observer for focus/blur, they
|
|
||||||
// unfortunately do not work for webview.
|
|
||||||
if (guestInstanceId) {
|
|
||||||
window.addEventListener('focus', () => {
|
|
||||||
ipcRenderer.send('ELECTRON_GUEST_VIEW_MANAGER_FOCUS_CHANGE', true, guestInstanceId)
|
|
||||||
})
|
|
||||||
window.addEventListener('blur', () => {
|
|
||||||
ipcRenderer.send('ELECTRON_GUEST_VIEW_MANAGER_FOCUS_CHANGE', false, guestInstanceId)
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
35
lib/renderer/web-view/web-view-init.js
Normal file
35
lib/renderer/web-view/web-view-init.js
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
'use strict'
|
||||||
|
|
||||||
|
const ipcRenderer = require('@electron/internal/renderer/ipc-renderer-internal')
|
||||||
|
const v8Util = process.atomBinding('v8_util')
|
||||||
|
|
||||||
|
function handleFocusBlur (guestInstanceId) {
|
||||||
|
// Note that while Chromium content APIs have observer for focus/blur, they
|
||||||
|
// unfortunately do not work for webview.
|
||||||
|
|
||||||
|
window.addEventListener('focus', () => {
|
||||||
|
ipcRenderer.send('ELECTRON_GUEST_VIEW_MANAGER_FOCUS_CHANGE', true, guestInstanceId)
|
||||||
|
})
|
||||||
|
|
||||||
|
window.addEventListener('blur', () => {
|
||||||
|
ipcRenderer.send('ELECTRON_GUEST_VIEW_MANAGER_FOCUS_CHANGE', false, guestInstanceId)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
module.exports = function (contextIsolation, webviewTag, guestInstanceId) {
|
||||||
|
// Load webview tag implementation.
|
||||||
|
if (webviewTag && guestInstanceId == null) {
|
||||||
|
const webViewImpl = require('@electron/internal/renderer/web-view/web-view-impl')
|
||||||
|
if (contextIsolation) {
|
||||||
|
v8Util.setHiddenValue(window, 'web-view-impl', webViewImpl)
|
||||||
|
} else {
|
||||||
|
const { setupWebView } = require('@electron/internal/renderer/web-view/web-view-element')
|
||||||
|
setupWebView(v8Util, webViewImpl)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (guestInstanceId) {
|
||||||
|
// Report focus/blur events of webview to browser.
|
||||||
|
handleFocusBlur(guestInstanceId)
|
||||||
|
}
|
||||||
|
}
|
|
@ -105,8 +105,12 @@ function preloadRequire (module) {
|
||||||
throw new Error('module not found')
|
throw new Error('module not found')
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Process command line arguments.
|
||||||
const { hasSwitch } = process.atomBinding('command_line')
|
const { hasSwitch } = process.atomBinding('command_line')
|
||||||
|
|
||||||
|
const isBackgroundPage = hasSwitch('background-page')
|
||||||
|
const contextIsolation = hasSwitch('context-isolation')
|
||||||
|
|
||||||
switch (window.location.protocol) {
|
switch (window.location.protocol) {
|
||||||
case 'chrome-devtools:': {
|
case 'chrome-devtools:': {
|
||||||
// Override some inspector APIs.
|
// Override some inspector APIs.
|
||||||
|
@ -115,22 +119,15 @@ switch (window.location.protocol) {
|
||||||
}
|
}
|
||||||
case 'chrome-extension:': {
|
case 'chrome-extension:': {
|
||||||
// Inject the chrome.* APIs that chrome extensions require
|
// Inject the chrome.* APIs that chrome extensions require
|
||||||
const isBackgroundPage = hasSwitch('background-page')
|
|
||||||
require('@electron/internal/renderer/chrome-api').injectTo(window.location.hostname, isBackgroundPage, window)
|
require('@electron/internal/renderer/chrome-api').injectTo(window.location.hostname, isBackgroundPage, window)
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (binding.guestInstanceId) {
|
const guestInstanceId = binding.guestInstanceId && parseInt(binding.guestInstanceId)
|
||||||
process.guestInstanceId = parseInt(binding.guestInstanceId)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Don't allow recursive `<webview>`.
|
// Load webview tag implementation.
|
||||||
if (!process.guestInstanceId && isWebViewTagEnabled) {
|
require('@electron/internal/renderer/web-view/web-view-init')(contextIsolation, isWebViewTagEnabled, guestInstanceId)
|
||||||
const webViewImpl = require('@electron/internal/renderer/web-view/web-view-impl')
|
|
||||||
const { setupWebView } = require('@electron/internal/renderer/web-view/web-view-element')
|
|
||||||
setupWebView(v8Util, webViewImpl)
|
|
||||||
}
|
|
||||||
|
|
||||||
const errorUtils = require('@electron/internal/common/error-utils')
|
const errorUtils = require('@electron/internal/common/error-utils')
|
||||||
|
|
||||||
|
|
|
@ -76,6 +76,19 @@ describe('<webview> tag', function () {
|
||||||
await emittedOnce(ipcMain, 'pong')
|
await emittedOnce(ipcMain, 'pong')
|
||||||
})
|
})
|
||||||
|
|
||||||
|
it('works with sandbox', async () => {
|
||||||
|
const w = await openTheWindow({
|
||||||
|
show: false,
|
||||||
|
webPreferences: {
|
||||||
|
webviewTag: true,
|
||||||
|
nodeIntegration: true,
|
||||||
|
sandbox: true
|
||||||
|
}
|
||||||
|
})
|
||||||
|
w.loadFile(path.join(fixtures, 'pages', 'webview-isolated.html'))
|
||||||
|
await emittedOnce(ipcMain, 'pong')
|
||||||
|
})
|
||||||
|
|
||||||
it('works with contextIsolation', async () => {
|
it('works with contextIsolation', async () => {
|
||||||
const w = await openTheWindow({
|
const w = await openTheWindow({
|
||||||
show: false,
|
show: false,
|
||||||
|
@ -89,6 +102,20 @@ describe('<webview> tag', function () {
|
||||||
await emittedOnce(ipcMain, 'pong')
|
await emittedOnce(ipcMain, 'pong')
|
||||||
})
|
})
|
||||||
|
|
||||||
|
it('works with contextIsolation + sandbox', async () => {
|
||||||
|
const w = await openTheWindow({
|
||||||
|
show: false,
|
||||||
|
webPreferences: {
|
||||||
|
webviewTag: true,
|
||||||
|
nodeIntegration: true,
|
||||||
|
contextIsolation: true,
|
||||||
|
sandbox: true
|
||||||
|
}
|
||||||
|
})
|
||||||
|
w.loadFile(path.join(fixtures, 'pages', 'webview-isolated.html'))
|
||||||
|
await emittedOnce(ipcMain, 'pong')
|
||||||
|
})
|
||||||
|
|
||||||
it('is disabled by default', async () => {
|
it('is disabled by default', async () => {
|
||||||
const w = await openTheWindow({
|
const w = await openTheWindow({
|
||||||
show: false,
|
show: false,
|
||||||
|
@ -1349,11 +1376,14 @@ describe('<webview> tag', function () {
|
||||||
if (div != null) div.remove()
|
if (div != null) div.remove()
|
||||||
})
|
})
|
||||||
|
|
||||||
|
const generateSpecs = (description, sandbox) => {
|
||||||
|
describe(description, () => {
|
||||||
it('emits resize events', async () => {
|
it('emits resize events', async () => {
|
||||||
const firstResizeSignal = waitForEvent(webview, 'resize')
|
const firstResizeSignal = waitForEvent(webview, 'resize')
|
||||||
const domReadySignal = waitForEvent(webview, 'dom-ready')
|
const domReadySignal = waitForEvent(webview, 'dom-ready')
|
||||||
|
|
||||||
webview.src = `file://${fixtures}/pages/a.html`
|
webview.src = `file://${fixtures}/pages/a.html`
|
||||||
|
webview.webpreferences = `sandbox=${sandbox ? 'yes' : 'no'}`
|
||||||
div.appendChild(webview)
|
div.appendChild(webview)
|
||||||
document.body.appendChild(div)
|
document.body.appendChild(div)
|
||||||
|
|
||||||
|
@ -1380,6 +1410,7 @@ describe('<webview> tag', function () {
|
||||||
it('emits focus event', async () => {
|
it('emits focus event', async () => {
|
||||||
const domReadySignal = waitForEvent(webview, 'dom-ready')
|
const domReadySignal = waitForEvent(webview, 'dom-ready')
|
||||||
webview.src = `file://${fixtures}/pages/a.html`
|
webview.src = `file://${fixtures}/pages/a.html`
|
||||||
|
webview.webpreferences = `sandbox=${sandbox ? 'yes' : 'no'}`
|
||||||
document.body.appendChild(webview)
|
document.body.appendChild(webview)
|
||||||
|
|
||||||
await domReadySignal
|
await domReadySignal
|
||||||
|
@ -1391,6 +1422,11 @@ describe('<webview> tag', function () {
|
||||||
await focusSignal
|
await focusSignal
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
generateSpecs('without sandbox', false)
|
||||||
|
generateSpecs('with sandbox', true)
|
||||||
|
})
|
||||||
|
|
||||||
describe('zoom behavior', () => {
|
describe('zoom behavior', () => {
|
||||||
const zoomScheme = remote.getGlobal('zoomScheme')
|
const zoomScheme = remote.getGlobal('zoomScheme')
|
||||||
|
|
Loading…
Reference in a new issue