feat: enable world safe JS by default (#26889)

* feat: enable world safe JS by default * refactor: use the ctx bridge to send executeJavaScript results in a world safe way * docs: add more info about the breaking change * include default in IsEnabled check
2021-01-26 14:23:35 -08:00 · 2021-01-26 14:23:35 -08:00 · db08f08b88
commit db08f08b88
parent 78d4cb9f5c
6 changed files with 90 additions and 33 deletions
--- a/shell/renderer/api/electron_api_web_frame.cc
+++ b/shell/renderer/api/electron_api_web_frame.cc
@ -26,6 +26,8 @@
 #include "shell/common/gin_helper/promise.h"
 #include "shell/common/node_includes.h"
 #include "shell/common/options_switches.h"
+#include "shell/renderer/api/context_bridge/object_cache.h"
+#include "shell/renderer/api/electron_api_context_bridge.h"
 #include "shell/renderer/api/electron_api_spell_check_client.h"
 #include "shell/renderer/electron_renderer_client.h"
 #include "third_party/blink/public/common/browser_interface_broker_proxy.h"
@ -160,21 +162,25 @@ class ScriptExecutionCallback : public blink::WebScriptExecutionCallback {

  void CopyResultToCallingContextAndFinalize(
      v8::Isolate* isolate,
-      const v8::Local<v8::Value>& result) {
-    blink::CloneableMessage ret;
-    bool success;
-    std::string error_message;
+      const v8::Local<v8::Object>& result) {
+    v8::MaybeLocal<v8::Value> maybe_result;
+    bool success = true;
+    std::string error_message =
+        "An unknown exception occurred while getting the result of the script";
    {
      v8::TryCatch try_catch(isolate);
-      success = gin::ConvertFromV8(isolate, result, &ret);
+      context_bridge::ObjectCache object_cache;
+      maybe_result = PassValueToOtherContext(result->CreationContext(),
+                                             promise_.GetContext(), result,
+                                             &object_cache, false, 0);
+      if (maybe_result.IsEmpty() || try_catch.HasCaught()) {
+        success = false;
+      }
      if (try_catch.HasCaught()) {
        auto message = try_catch.Message();

-        if (message.IsEmpty() ||
-            !gin::ConvertFromV8(isolate, message->Get(), &error_message)) {
-          error_message =
-              "An unknown exception occurred while getting the result of "
-              "the script";
+        if (!message.IsEmpty()) {
+          gin::ConvertFromV8(isolate, message->Get(), &error_message);
        }
      }
    }
@ -190,7 +196,7 @@ class ScriptExecutionCallback : public blink::WebScriptExecutionCallback {
    } else {
      v8::Local<v8::Context> context = promise_.GetContext();
      v8::Context::Scope context_scope(context);
-      v8::Local<v8::Value> cloned_value = gin::ConvertToV8(isolate, ret);
+      v8::Local<v8::Value> cloned_value = maybe_result.ToLocalChecked();
      if (callback_)
        std::move(callback_).Run(cloned_value, v8::Undefined(isolate));
      promise_.Resolve(cloned_value);
@ -213,7 +219,8 @@ class ScriptExecutionCallback : public blink::WebScriptExecutionCallback {
                  value.As<v8::Object>()->CreationContext()) &&
            value->IsObject();
        if (should_clone_value) {
-          CopyResultToCallingContextAndFinalize(isolate, value);
+          CopyResultToCallingContextAndFinalize(isolate,
+                                                value.As<v8::Object>());
        } else {
          // Right now only single results per frame is supported.
          if (callback_)