mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

Add "sandboxed" option to "webPreferences".

Browse source 
When "sandboxed" is passed as a web preference for `BrowserWindow`, the newly
created renderer won't run any node.js code/integration, only communicating with
the system via the IPC API of the content module. This is a requirement for
running the renderer under chrome OS-level sandbox.

Beyond that, certain behaviors of AtomBrowserClient are modified when dealing
with sandboxed renderers:

- `OverrideSiteInstanceNavigation` no longer create a new `SiteInstance` for
  every navigation. Instead, it reuses the source `SiteInstance` when not
  navigating to a different site.
- `CanCreateWindow` will return true and allow javascript access.
This commit is contained in:
Thiago de Arruda 2016-08-15 07:59:08 -03:00
parent 90c5972fce
commit c783ec72bc
7 changed files with 104 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

21
atom/browser/web_contents_preferences.cc
View file

@ -97,6 +97,12 @@ void WebContentsPreferences::AppendExtraCommandLineSwitches(
command_line->AppendSwitchASCII(switches::kNodeIntegration,
node_integration ? "true" : "false");
// If the `sandbox` option was passed to the BrowserWindow's webPreferences,
// pass `--enable-sandbox` to the renderer so it won't have any node.js
// integration.
if (IsSandboxed(web_contents))
command_line->AppendSwitch(switches::kEnableSandbox);
// The preload script.
base::FilePath::StringType preload;
if (web_preferences.GetString(options::kPreloadScript, &preload)) {
@ -194,6 +200,21 @@ void WebContentsPreferences::AppendExtraCommandLineSwitches(
command_line->AppendSwitch(cc::switches::kEnableBeginFrameScheduling);
}
bool WebContentsPreferences::IsSandboxed(content::WebContents* web_contents) {
WebContentsPreferences* self;
if (!web_contents)
return false;
self = FromWebContents(web_contents);
if (!self)
return false;
base::DictionaryValue& web_preferences = self->web_preferences_;
bool sandboxed = false;
web_preferences.GetBoolean("sandbox", &sandboxed);
return sandboxed;
}
// static
void WebContentsPreferences::OverrideWebkitPrefs(
content::WebContents* web_contents, content::WebPreferences* prefs) {