Disable node integration in devtools.

This commit is contained in:
Cheng Zhao 2014-02-21 22:42:33 +08:00
parent 57639133a9
commit ed34aa6fb3

View file

@ -11,6 +11,7 @@
#include "common/options_switches.h"
#include "renderer/api/atom_renderer_bindings.h"
#include "renderer/atom_render_view_observer.h"
#include "third_party/WebKit/public/web/WebDocument.h"
#include "third_party/WebKit/public/web/WebFrame.h"
#include "common/v8/node_common.h"
@ -19,11 +20,15 @@ namespace atom {
namespace {
// Security tokens.
const char* kExceptIframe = "except-iframe";
const char* kManualEnableIframe = "manual-enable-iframe";
const char* kDisable = "disable";
const char* kEnableNodeIntegration = "enable-node-integration";
// Scheme used by devtools
const char* kChromeDevToolsScheme = "chrome-devtools";
} // namespace
AtomRendererClient::AtomRendererClient()
@ -153,6 +158,9 @@ bool AtomRendererClient::IsNodeBindingEnabled(WebKit::WebFrame* frame) {
// Node integration is enabled in main frame unless explictly disabled.
else if (frame == main_frame_)
return true;
// Do not pollute devtools.
else if (GURL(frame->document().url()).SchemeIs(kChromeDevToolsScheme))
return false;
else if (node_integration_ == MANUAL_ENABLE_IFRAME &&
frame != NULL &&
frame->uniqueName().utf8().find(kEnableNodeIntegration)