diff --git a/atom/browser/api/atom_api_web_contents.cc b/atom/browser/api/atom_api_web_contents.cc index a18161a5584f..9739568ece52 100644 --- a/atom/browser/api/atom_api_web_contents.cc +++ b/atom/browser/api/atom_api_web_contents.cc @@ -1960,6 +1960,9 @@ v8::Local WebContents::GetLastWebPreferences( } bool WebContents::IsRemoteModuleEnabled() const { + if (web_contents()->GetVisibleURL().SchemeIs("chrome-devtools")) { + return false; + } if (auto* web_preferences = WebContentsPreferences::From(web_contents())) { return web_preferences->IsRemoteModuleEnabled(); } diff --git a/atom/browser/atom_browser_client.cc b/atom/browser/atom_browser_client.cc index e23c2dc0dd46..b2c986681b7d 100644 --- a/atom/browser/atom_browser_client.cc +++ b/atom/browser/atom_browser_client.cc @@ -505,6 +505,7 @@ void AtomBrowserClient::AppendExtraCommandLineSwitches( if (web_contents->GetVisibleURL().SchemeIs("chrome-devtools")) { command_line->AppendSwitch(service_manager::switches::kNoSandbox); command_line->AppendSwitch(::switches::kNoZygote); + command_line->AppendSwitch(switches::kDisableRemoteModule); } auto* web_preferences = WebContentsPreferences::From(web_contents); if (web_preferences) diff --git a/atom/browser/web_contents_preferences.cc b/atom/browser/web_contents_preferences.cc index 080ce6bd22c1..e4ac7092e446 100644 --- a/atom/browser/web_contents_preferences.cc +++ b/atom/browser/web_contents_preferences.cc @@ -128,6 +128,7 @@ WebContentsPreferences::WebContentsPreferences( SetDefaultBoolIfUndefined(options::kWebviewTag, false); SetDefaultBoolIfUndefined(options::kSandbox, false); SetDefaultBoolIfUndefined(options::kNativeWindowOpen, false); + SetDefaultBoolIfUndefined(options::kEnableRemoteModule, true); SetDefaultBoolIfUndefined(options::kContextIsolation, false); SetDefaultBoolIfUndefined("javascript", true); SetDefaultBoolIfUndefined("images", true); diff --git a/lib/browser/api/web-contents.js b/lib/browser/api/web-contents.js index 12e180715a7f..f4963216f9d6 100644 --- a/lib/browser/api/web-contents.js +++ b/lib/browser/api/web-contents.js @@ -368,17 +368,6 @@ const addReturnValueToEvent = (event) => { }) } -const safeProtocols = new Set([ - 'chrome-devtools:', - 'chrome-extension:' -]) - -const isWebContentsTrusted = function (contents) { - const pageURL = contents._getURL() - const { protocol } = url.parse(pageURL) - return safeProtocols.has(protocol) -} - // Add JavaScript wrappers for WebContents class. WebContents.prototype._init = function () { // The navigation controller. @@ -436,9 +425,7 @@ WebContents.prototype._init = function () { for (const eventName of forwardedEvents) { this.on(eventName, (event, ...args) => { - if (!isWebContentsTrusted(event.sender)) { - app.emit(eventName, event, this, ...args) - } + app.emit(eventName, event, this, ...args) }) } diff --git a/lib/browser/chrome-extension.js b/lib/browser/chrome-extension.js index f5e850bafbbd..0d6400617672 100644 --- a/lib/browser/chrome-extension.js +++ b/lib/browser/chrome-extension.js @@ -91,7 +91,8 @@ const startBackgroundPages = function (manifest) { const contents = webContents.create({ partition: 'persist:__chrome_extension', isBackgroundPage: true, - commandLineSwitches: ['--background-page'] + commandLineSwitches: ['--background-page'], + enableRemoteModule: false }) backgroundPages[manifest.extensionId] = { html: html, webContents: contents, name: name } contents.loadURL(url.format({ diff --git a/lib/browser/rpc-server.js b/lib/browser/rpc-server.js index c760b2ff06a0..14452e2fcf7d 100644 --- a/lib/browser/rpc-server.js +++ b/lib/browser/rpc-server.js @@ -264,10 +264,20 @@ const callFunction = function (event, contextId, func, caller, args) { } } +const isRemoteModuleEnabledCache = new WeakMap() + +const isRemoteModuleEnabled = function (contents) { + if (!isRemoteModuleEnabledCache.has(contents)) { + isRemoteModuleEnabledCache.set(contents, contents._isRemoteModuleEnabled()) + } + + return isRemoteModuleEnabledCache.get(contents) +} + const handleRemoteCommand = function (channel, handler) { ipcMainInternal.on(channel, (event, contextId, ...args) => { let returnValue - if (!event.sender._isRemoteModuleEnabled()) { + if (!isRemoteModuleEnabled(event.sender)) { event.returnValue = null return } @@ -506,7 +516,7 @@ ipcMainInternal.on('ELECTRON_BROWSER_SANDBOX_LOAD', function (event) { event.returnValue = { preloadScripts: preloadPaths.map(path => getPreloadScript(path)), - isRemoteModuleEnabled: event.sender._isRemoteModuleEnabled(), + isRemoteModuleEnabled: isRemoteModuleEnabled(event.sender), isWebViewTagEnabled: guestViewManager.isWebViewTagEnabled(event.sender), process: { arch: process.arch,