mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

fix: ensure ElectronBrowser mojo service is only bound to appropriate render frames (#33323)

Browse source 
* fix: ensure ElectronBrowser mojo service is only bound to authorized render frames

Notes: no-notes

* refactor: extract electron API IPC to its own mojo interface

* fix: just check main frame not primary main frame
This commit is contained in:
Samuel Attard 2022-03-18 19:50:05 -07:00 committed by GitHub
parent f2b06324b8
commit e07c2b84d7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 381 additions and 229 deletions
Download patch file Download diff file Expand all files Collapse all files

13
shell/browser/api/electron_api_web_contents.cc
View file

@ -1751,7 +1751,7 @@ void WebContents::Message(bool internal,
// webContents.emit('-ipc-message', new Event(), internal, channel,
// arguments);
EmitWithSender("-ipc-message", render_frame_host,
electron::mojom::ElectronBrowser::InvokeCallback(), internal,
electron::mojom::ElectronApiIPC::InvokeCallback(), internal,
channel, std::move(arguments));
}
@ -1759,7 +1759,7 @@ void WebContents::Invoke(
bool internal,
const std::string& channel,
blink::CloneableMessage arguments,
electron::mojom::ElectronBrowser::InvokeCallback callback,
electron::mojom::ElectronApiIPC::InvokeCallback callback,
content::RenderFrameHost* render_frame_host) {
TRACE_EVENT1("electron", "WebContents::Invoke", "channel", channel);
// webContents.emit('-ipc-invoke', new Event(), internal, channel, arguments);
@ -1785,7 +1785,7 @@ void WebContents::ReceivePostMessage(
v8::Local<v8::Value> message_value =
electron::DeserializeV8Value(isolate, message);
EmitWithSender("-ipc-ports", render_frame_host,
electron::mojom::ElectronBrowser::InvokeCallback(), false,
electron::mojom::ElectronApiIPC::InvokeCallback(), false,
channel, message_value, std::move(wrapped_ports));
}
@ -1793,7 +1793,7 @@ void WebContents::MessageSync(
bool internal,
const std::string& channel,
blink::CloneableMessage arguments,
electron::mojom::ElectronBrowser::MessageSyncCallback callback,
electron::mojom::ElectronApiIPC::MessageSyncCallback callback,
content::RenderFrameHost* render_frame_host) {
TRACE_EVENT1("electron", "WebContents::MessageSync", "channel", channel);
// webContents.emit('-ipc-message-sync', new Event(sender, message), internal,
@ -1831,7 +1831,7 @@ void WebContents::MessageHost(const std::string& channel,
TRACE_EVENT1("electron", "WebContents::MessageHost", "channel", channel);
// webContents.emit('ipc-message-host', new Event(), channel, args);
EmitWithSender("ipc-message-host", render_frame_host,
electron::mojom::ElectronBrowser::InvokeCallback(), channel,
electron::mojom::ElectronApiIPC::InvokeCallback(), channel,
std::move(arguments));
}
@ -3270,7 +3270,8 @@ void WebContents::SetTemporaryZoomLevel(double level) {
}
void WebContents::DoGetZoomLevel(
electron::mojom::ElectronBrowser::DoGetZoomLevelCallback callback) {
electron::mojom::ElectronWebContentsUtility::DoGetZoomLevelCallback
callback) {
std::move(callback).Run(GetZoomLevel());
}

16
shell/browser/api/electron_api_web_contents.h
View file

@ -355,7 +355,7 @@ class WebContents : public ExclusiveAccessContext,
template <typename... Args>
bool EmitWithSender(base::StringPiece name,
content::RenderFrameHost* sender,
electron::mojom::ElectronBrowser::InvokeCallback callback,
electron::mojom::ElectronApiIPC::InvokeCallback callback,
Args&&... args) {
DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
v8::Isolate* isolate = JavascriptEnvironment::GetIsolate();
@ -399,7 +399,7 @@ class WebContents : public ExclusiveAccessContext,
fullscreen_frame_ = rfh;
}
// mojom::ElectronBrowser
// mojom::ElectronApiIPC
void Message(bool internal,
const std::string& channel,
blink::CloneableMessage arguments,
@ -407,9 +407,8 @@ class WebContents : public ExclusiveAccessContext,
void Invoke(bool internal,
const std::string& channel,
blink::CloneableMessage arguments,
electron::mojom::ElectronBrowser::InvokeCallback callback,
electron::mojom::ElectronApiIPC::InvokeCallback callback,
content::RenderFrameHost* render_frame_host);
void OnFirstNonEmptyLayout(content::RenderFrameHost* render_frame_host);
void ReceivePostMessage(const std::string& channel,
blink::TransferableMessage message,
content::RenderFrameHost* render_frame_host);
@ -417,7 +416,7 @@ class WebContents : public ExclusiveAccessContext,
bool internal,
const std::string& channel,
blink::CloneableMessage arguments,
electron::mojom::ElectronBrowser::MessageSyncCallback callback,
electron::mojom::ElectronApiIPC::MessageSyncCallback callback,
content::RenderFrameHost* render_frame_host);
void MessageTo(int32_t web_contents_id,
const std::string& channel,
@ -425,10 +424,15 @@ class WebContents : public ExclusiveAccessContext,
void MessageHost(const std::string& channel,
blink::CloneableMessage arguments,
content::RenderFrameHost* render_frame_host);
// mojom::ElectronWebContentsUtility
void OnFirstNonEmptyLayout(content::RenderFrameHost* render_frame_host);
void UpdateDraggableRegions(std::vector<mojom::DraggableRegionPtr> regions);
void SetTemporaryZoomLevel(double level);
void DoGetZoomLevel(
electron::mojom::ElectronBrowser::DoGetZoomLevelCallback callback);
electron::mojom::ElectronWebContentsUtility::DoGetZoomLevelCallback
callback);
void SetImageAnimationPolicy(const std::string& new_policy);
// Grants |origin| access to |device|.

2
shell/browser/api/event.h
View file

@ -13,7 +13,7 @@ namespace gin_helper {
class Event : public gin::Wrappable<Event> {
public:
using InvokeCallback = electron::mojom::ElectronBrowser::InvokeCallback;
using InvokeCallback = electron::mojom::ElectronApiIPC::InvokeCallback;
static gin::WrapperInfo kWrapperInfo;