fix: don't execute preload scripts for internal <iframe> in <webview> (#19260)

2019-07-17 02:13:05 +02:00 · 2019-07-17 02:13:05 +02:00 · d1c9f5e309
commit d1c9f5e309
parent b57e623c11
7 changed files with 81 additions and 3 deletions
--- a/shell/renderer/atom_render_frame_observer.cc
+++ b/shell/renderer/atom_render_frame_observer.cc
@ -81,7 +81,8 @@ void AtomRenderFrameObserver::DidCreateScriptContext(

  if (should_create_isolated_context) {
    CreateIsolatedWorldContext();
-    renderer_client_->SetupMainWorldOverrides(context, render_frame_);
+    if (!renderer_client_->IsWebViewFrame(context, render_frame_))
+      renderer_client_->SetupMainWorldOverrides(context, render_frame_);
  }

  if (world_id >= World::ISOLATED_WORLD_EXTENSIONS &&
--- a/shell/renderer/atom_renderer_client.cc
+++ b/shell/renderer/atom_renderer_client.cc
@ -83,7 +83,8 @@ void AtomRendererClient::DidCreateScriptContext(
      base::CommandLine::ForCurrentProcess()->HasSwitch(
          switches::kNodeIntegrationInSubFrames);
  bool should_load_node =
-      is_main_frame || is_devtools || allow_node_in_subframes;
+      (is_main_frame || is_devtools || allow_node_in_subframes) &&
+      !IsWebViewFrame(renderer_context, render_frame);
  if (!should_load_node) {
    return;
  }
--- a/shell/renderer/atom_sandboxed_renderer_client.cc
+++ b/shell/renderer/atom_sandboxed_renderer_client.cc
@ -208,7 +208,8 @@ void AtomSandboxedRendererClient::DidCreateScriptContext(
      base::CommandLine::ForCurrentProcess()->HasSwitch(
          switches::kNodeIntegrationInSubFrames);
  bool should_load_preload =
-      is_main_frame || is_devtools || allow_node_in_sub_frames;
+      (is_main_frame || is_devtools || allow_node_in_sub_frames) &&
+      !IsWebViewFrame(context, render_frame);
  if (!should_load_preload)
    return;

--- a/shell/renderer/renderer_client_base.cc
+++ b/shell/renderer/renderer_client_base.cc
@ -310,4 +310,28 @@ v8::Local<v8::Value> RendererClientBase::RunScript(
  return script->Run(context).ToLocalChecked();
 }

+bool RendererClientBase::IsWebViewFrame(
+    v8::Handle<v8::Context> context,
+    content::RenderFrame* render_frame) const {
+  auto* isolate = context->GetIsolate();
+
+  if (render_frame->IsMainFrame())
+    return false;
+
+  mate::Dictionary window_dict(
+      isolate, GetContext(render_frame->GetWebFrame(), isolate)->Global());
+
+  v8::Local<v8::Object> frame_element;
+  if (!window_dict.Get("frameElement", &frame_element))
+    return false;
+
+  mate::Dictionary frame_element_dict(isolate, frame_element);
+
+  v8::Local<v8::Object> internal;
+  if (!frame_element_dict.GetHidden("internal", &internal))
+    return false;
+
+  return !internal.IsEmpty();
+}
+
 }  // namespace electron
--- a/shell/renderer/renderer_client_base.h
+++ b/shell/renderer/renderer_client_base.h
@ -45,6 +45,10 @@ class RendererClientBase : public content::ContentRendererClient {
  static v8::Local<v8::Value> RunScript(v8::Local<v8::Context> context,
                                        v8::Local<v8::String> source);

+  // v8Util.getHiddenValue(window.frameElement, 'internal')
+  bool IsWebViewFrame(v8::Handle<v8::Context> context,
+                      content::RenderFrame* render_frame) const;
+
 protected:
  void AddRenderBindings(v8::Isolate* isolate,
                         v8::Local<v8::Object> binding_object);