fix: execute session preload scripts in sandboxed renderers (#16538)
This commit is contained in:
parent
a25f82c91f
commit
fa5442f211
5 changed files with 47 additions and 33 deletions
|
@ -534,8 +534,7 @@ ipcMain.on('ELECTRON_BROWSER_CLIPBOARD_WRITE_FIND_TEXT', function (event, text)
|
||||||
setReturnValue(event, () => electron.clipboard.writeFindText(text))
|
setReturnValue(event, () => electron.clipboard.writeFindText(text))
|
||||||
})
|
})
|
||||||
|
|
||||||
ipcMain.on('ELECTRON_BROWSER_SANDBOX_LOAD', function (event) {
|
const getPreloadScript = function (preloadPath) {
|
||||||
const preloadPath = event.sender._getPreloadPath()
|
|
||||||
let preloadSrc = null
|
let preloadSrc = null
|
||||||
let preloadError = null
|
let preloadError = null
|
||||||
if (preloadPath) {
|
if (preloadPath) {
|
||||||
|
@ -545,10 +544,17 @@ ipcMain.on('ELECTRON_BROWSER_SANDBOX_LOAD', function (event) {
|
||||||
preloadError = errorUtils.serialize(err)
|
preloadError = errorUtils.serialize(err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
return { preloadPath, preloadSrc, preloadError }
|
||||||
|
}
|
||||||
|
|
||||||
|
ipcMain.on('ELECTRON_BROWSER_SANDBOX_LOAD', function (event) {
|
||||||
|
const preloadPaths = [
|
||||||
|
...(event.sender.session ? event.sender.session.getPreloads() : []),
|
||||||
|
event.sender._getPreloadPath()
|
||||||
|
]
|
||||||
|
|
||||||
event.returnValue = {
|
event.returnValue = {
|
||||||
preloadPath,
|
preloadScripts: preloadPaths.map(path => getPreloadScript(path)),
|
||||||
preloadSrc,
|
|
||||||
preloadError,
|
|
||||||
isRemoteModuleEnabled: event.sender._isRemoteModuleEnabled(),
|
isRemoteModuleEnabled: event.sender._isRemoteModuleEnabled(),
|
||||||
isWebViewTagEnabled: guestViewManager.isWebViewTagEnabled(event.sender),
|
isWebViewTagEnabled: guestViewManager.isWebViewTagEnabled(event.sender),
|
||||||
process: {
|
process: {
|
||||||
|
|
|
@ -29,7 +29,7 @@ Object.setPrototypeOf(process, EventEmitter.prototype)
|
||||||
const ipcRenderer = require('@electron/internal/renderer/ipc-renderer-internal')
|
const ipcRenderer = require('@electron/internal/renderer/ipc-renderer-internal')
|
||||||
|
|
||||||
const {
|
const {
|
||||||
preloadPath, preloadSrc, preloadError, isRemoteModuleEnabled, isWebViewTagEnabled, process: processProps
|
preloadScripts, isRemoteModuleEnabled, isWebViewTagEnabled, process: processProps
|
||||||
} = ipcRenderer.sendSync('ELECTRON_BROWSER_SANDBOX_LOAD')
|
} = ipcRenderer.sendSync('ELECTRON_BROWSER_SANDBOX_LOAD')
|
||||||
|
|
||||||
process.isRemoteModuleEnabled = isRemoteModuleEnabled
|
process.isRemoteModuleEnabled = isRemoteModuleEnabled
|
||||||
|
@ -151,17 +151,19 @@ function runPreloadScript (preloadSrc) {
|
||||||
preloadFn(preloadRequire, preloadProcess, Buffer, global, setImmediate, clearImmediate)
|
preloadFn(preloadRequire, preloadProcess, Buffer, global, setImmediate, clearImmediate)
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
for (const { preloadPath, preloadSrc, preloadError } of preloadScripts) {
|
||||||
if (preloadSrc) {
|
try {
|
||||||
runPreloadScript(preloadSrc)
|
if (preloadSrc) {
|
||||||
} else if (preloadError) {
|
runPreloadScript(preloadSrc)
|
||||||
throw errorUtils.deserialize(preloadError)
|
} else if (preloadError) {
|
||||||
}
|
throw errorUtils.deserialize(preloadError)
|
||||||
} catch (error) {
|
}
|
||||||
console.error(`Unable to load preload script: ${preloadPath}`)
|
} catch (error) {
|
||||||
console.error(`${error}`)
|
console.error(`Unable to load preload script: ${preloadPath}`)
|
||||||
|
console.error(`${error}`)
|
||||||
|
|
||||||
ipcRenderer.send('ELECTRON_BROWSER_PRELOAD_ERROR', preloadPath, errorUtils.serialize(error))
|
ipcRenderer.send('ELECTRON_BROWSER_PRELOAD_ERROR', preloadPath, errorUtils.serialize(error))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Warn about security issues
|
// Warn about security issues
|
||||||
|
|
|
@ -1384,23 +1384,29 @@ describe('BrowserWindow module', () => {
|
||||||
assert.deepStrictEqual(defaultSession.getPreloads(), preloads)
|
assert.deepStrictEqual(defaultSession.getPreloads(), preloads)
|
||||||
})
|
})
|
||||||
|
|
||||||
it('loads the script before other scripts in window including normal preloads', function (done) {
|
const generateSpecs = (description, sandbox) => {
|
||||||
ipcMain.once('vars', function (event, preload1, preload2, preload3) {
|
describe(description, () => {
|
||||||
assert.strictEqual(preload1, 'preload-1')
|
it('loads the script before other scripts in window including normal preloads', function (done) {
|
||||||
assert.strictEqual(preload2, 'preload-1-2')
|
ipcMain.once('vars', function (event, preload1, preload2) {
|
||||||
assert.strictEqual(preload3, 'preload-1-2-3')
|
assert.strictEqual(preload1, 'preload-1')
|
||||||
done()
|
assert.strictEqual(preload2, 'preload-1-2')
|
||||||
|
done()
|
||||||
|
})
|
||||||
|
w.destroy()
|
||||||
|
w = new BrowserWindow({
|
||||||
|
show: false,
|
||||||
|
webPreferences: {
|
||||||
|
sandbox,
|
||||||
|
preload: path.join(fixtures, 'module', 'get-global-preload.js')
|
||||||
|
}
|
||||||
|
})
|
||||||
|
w.loadURL('about:blank')
|
||||||
|
})
|
||||||
})
|
})
|
||||||
w.destroy()
|
}
|
||||||
w = new BrowserWindow({
|
|
||||||
show: false,
|
generateSpecs('without sandbox', false)
|
||||||
webPreferences: {
|
generateSpecs('with sandbox', true)
|
||||||
nodeIntegration: true,
|
|
||||||
preload: path.join(fixtures, 'module', 'set-global-preload-3.js')
|
|
||||||
}
|
|
||||||
})
|
|
||||||
w.loadFile(path.join(fixtures, 'api', 'preloads.html'))
|
|
||||||
})
|
|
||||||
})
|
})
|
||||||
|
|
||||||
describe('"additionalArguments" option', () => {
|
describe('"additionalArguments" option', () => {
|
||||||
|
|
1
spec/fixtures/module/get-global-preload.js
vendored
Normal file
1
spec/fixtures/module/get-global-preload.js
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
require('electron').ipcRenderer.send('vars', window.preload1, window.preload2)
|
1
spec/fixtures/module/set-global-preload-3.js
vendored
1
spec/fixtures/module/set-global-preload-3.js
vendored
|
@ -1 +0,0 @@
|
||||||
window.preload3 = window.preload2 + '-3'
|
|
Loading…
Reference in a new issue