mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

feat: Add content script world isolation (#17032)

Browse source 
* Execute content script in isolated world

* Inject script into newly created extension worlds

* Create new content_script_bundle for extension scripts

* Initialize chrome API in content script bundle

* Define Chrome extension isolated world ID range

1 << 20 was chosen as it provides a sufficiently large range of IDs for extensions, but also provides a large enough buffer for any user worlds in [1000, 1 << 20).

Ultimately this range can be changed if any user application raises it as an issue.

* Insert content script CSS into document

This now avoids a script wrapper to inject the style sheet. This closely matches the code used by chromium in `ScriptInjection::InjectCss`.

* Pass extension ID to isolated world via v8 private
This commit is contained in:
Samuel Maddock 2019-03-11 19:27:57 -04:00 committed by Samuel Attard
parent 6072da239d
commit f943db7ad5
11 changed files with 187 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

6
atom/renderer/atom_render_frame_observer.cc
View file

@ -113,6 +113,12 @@ void AtomRenderFrameObserver::DidCreateScriptContext(
CreateIsolatedWorldContext();
renderer_client_->SetupMainWorldOverrides(context, render_frame_);
}
if (world_id >= World::ISOLATED_WORLD_EXTENSIONS &&
world_id <= World::ISOLATED_WORLD_EXTENSIONS_END) {
renderer_client_->SetupExtensionWorldOverrides(context, render_frame_,
world_id);
}
}
void AtomRenderFrameObserver::DraggableRegionsChanged() {

13
atom/renderer/atom_render_frame_observer.h
View file

@ -11,6 +11,7 @@
#include "base/strings/string16.h"
#include "content/public/renderer/render_frame_observer.h"
#include "ipc/ipc_platform_file.h"
#include "third_party/blink/public/platform/web_isolated_world_ids.h"
#include "third_party/blink/public/web/web_local_frame.h"
namespace base {
@ -21,9 +22,19 @@ namespace atom {
enum World {
MAIN_WORLD = 0,
// Use a high number far away from 0 to not collide with any other world
// IDs created internally by Chrome.
ISOLATED_WORLD = 999
ISOLATED_WORLD = 999,
// Numbers for isolated worlds for extensions are set in
// lib/renderer/content-script-injector.ts, and are greater than or equal to
// this number, up to ISOLATED_WORLD_EXTENSIONS_END.
ISOLATED_WORLD_EXTENSIONS = 1 << 20,
// Last valid isolated world ID.
ISOLATED_WORLD_EXTENSIONS_END =
blink::IsolatedWorldId::kEmbedderWorldIdLimit - 1
};
// Helper class to forward the messages to the client.

21
atom/renderer/atom_renderer_client.cc
View file

@ -210,6 +210,27 @@ void AtomRendererClient::SetupMainWorldOverrides(
&isolated_bundle_args, nullptr);
}
void AtomRendererClient::SetupExtensionWorldOverrides(
v8::Handle<v8::Context> context,
content::RenderFrame* render_frame,
int world_id) {
auto* isolate = context->GetIsolate();
std::vector<v8::Local<v8::String>> isolated_bundle_params = {
node::FIXED_ONE_BYTE_STRING(isolate, "nodeProcess"),
node::FIXED_ONE_BYTE_STRING(isolate, "isolatedWorld"),
node::FIXED_ONE_BYTE_STRING(isolate, "worldId")};
std::vector<v8::Local<v8::Value>> isolated_bundle_args = {
GetEnvironment(render_frame)->process_object(),
GetContext(render_frame->GetWebFrame(), isolate)->Global(),
v8::Integer::New(isolate, world_id)};
node::per_process::native_module_loader.CompileAndCall(
context, "electron/js2c/content_script_bundle", &isolated_bundle_params,
&isolated_bundle_args, nullptr);
}
node::Environment* AtomRendererClient::GetEnvironment(
content::RenderFrame* render_frame) const {
if (injected_frames_.find(render_frame) == injected_frames_.end())

3
atom/renderer/atom_renderer_client.h
View file

@ -33,6 +33,9 @@ class AtomRendererClient : public RendererClientBase {
content::RenderFrame* render_frame) override;
void SetupMainWorldOverrides(v8::Handle<v8::Context> context,
content::RenderFrame* render_frame) override;
void SetupExtensionWorldOverrides(v8::Handle<v8::Context> context,
content::RenderFrame* render_frame,
int world_id) override;
private:
// content::ContentRendererClient:

24
atom/renderer/atom_sandboxed_renderer_client.cc
View file

@ -270,6 +270,30 @@ void AtomSandboxedRendererClient::SetupMainWorldOverrides(
&isolated_bundle_args, nullptr);
}
void AtomSandboxedRendererClient::SetupExtensionWorldOverrides(
v8::Handle<v8::Context> context,
content::RenderFrame* render_frame,
int world_id) {
auto* isolate = context->GetIsolate();
mate::Dictionary process = mate::Dictionary::CreateEmpty(isolate);
process.SetMethod("binding", GetBinding);
std::vector<v8::Local<v8::String>> isolated_bundle_params = {
node::FIXED_ONE_BYTE_STRING(isolate, "nodeProcess"),
node::FIXED_ONE_BYTE_STRING(isolate, "isolatedWorld"),
node::FIXED_ONE_BYTE_STRING(isolate, "worldId")};
std::vector<v8::Local<v8::Value>> isolated_bundle_args = {
process.GetHandle(),
GetContext(render_frame->GetWebFrame(), isolate)->Global(),
v8::Integer::New(isolate, world_id)};
node::per_process::native_module_loader.CompileAndCall(
context, "electron/js2c/content_script_bundle", &isolated_bundle_params,
&isolated_bundle_args, nullptr);
}
void AtomSandboxedRendererClient::WillReleaseScriptContext(
v8::Handle<v8::Context> context,
content::RenderFrame* render_frame) {

3
atom/renderer/atom_sandboxed_renderer_client.h
View file

@ -32,6 +32,9 @@ class AtomSandboxedRendererClient : public RendererClientBase {
content::RenderFrame* render_frame) override;
void SetupMainWorldOverrides(v8::Handle<v8::Context> context,
content::RenderFrame* render_frame) override;
void SetupExtensionWorldOverrides(v8::Handle<v8::Context> context,
content::RenderFrame* render_frame,
int world_id) override;
// content::ContentRendererClient:
void RenderFrameCreated(content::RenderFrame*) override;
void RenderViewCreated(content::RenderView*) override;

3
atom/renderer/renderer_client_base.h
View file

@ -34,6 +34,9 @@ class RendererClientBase : public content::ContentRendererClient {
virtual void DidClearWindowObject(content::RenderFrame* render_frame);
virtual void SetupMainWorldOverrides(v8::Handle<v8::Context> context,
content::RenderFrame* render_frame) = 0;
virtual void SetupExtensionWorldOverrides(v8::Handle<v8::Context> context,
content::RenderFrame* render_frame,
int world_id) = 0;
bool isolated_world() const { return isolated_world_; }