* WIP
* Use serialization
* Rebase windows impl of new app requestSingleInstanceLock parameter
* Fix test
* Implement posix side
* Add backwards compatibility test
* Apply PR feedback Windows
* Fix posix impl
* Switch mac impl back to vector
* Refactor Windows impl
* Use vectors, inline make_span
* Use blink converter
* fix: ownership across sequences
* Fix upstream merge from Chromium
Co-authored-by: deepak1556 <hop2deep@gmail.com>
* feat: add support for validating asar archives on macOS
* chore: fix lint
* chore: update as per feedback
* feat: switch implementation to asar integrity hash checks
* feat: make ranged requests work with the asar file validator DataSourceFilter
* chore: fix lint
* chore: fix missing log include on non-darwin
* fix: do not pull block size out of missing optional
* fix: match ValidateOrDie symbol on non-darwin
* chore: fix up asar specs by repacking archives
* fix: maintain integrity chain, do not load file integrity if header integrity was not loaded
* debug test
* Update node-spec.ts
* fix: initialize header_validated_
* chore: update PR per feedback
* chore: update per feedback
* build: use final asar module
* Update fuses.json5
* test: running child app under ASan might receive SIGKILL
* test: renderer process of webview might receive SIGKILL under ASan
* test: increase timeout for asan build
* feat: enable context isolation by default
* chore: set default in ctx iso getter
* spec: make all specs work with the new contextIsolation default
* spec: fix affinity specs
* spec: update tests for new ctx iso default
* spec: update tests for new ctx iso default
* spec: update tests for new ctx iso default
* spec: update tests for new ctx iso default
* chore: move stray prod deps to dev deps
* spec: update tests for new ctx iso default
* turn off contextIsolation for visibility tests
* turn off contextIsolation for <webview> tag nodeintegration attribute loads native modules when navigation happens
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
* ci: cleanup up test app directories
* ci: use electron prefix for a testing apps so that the can be cleaned up
* Revert "ci: cleanup up test app directories"
This reverts commit a47daba812ee95f506cac0f1bfedda8be7b4e2f0.
* fixup test due to app name change
* feat: add worldSafe flag for executeJS results
* chore: do not log warning for webContents.executeJS
* Apply suggestions from code review
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
* chore: apply PR feedback
* chore: split logic a bit
* chore: allow primitives through the world safe checl
* chore: clean up per PR feedback
* chore: flip boolean logic
* chore: update per PR feedback
* chore: fix typo
* chore: fix spec
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
* chore: add deprecation warning for the default of contextIsolation
* chore: add to breaking changes
* Update docs/breaking-changes.md
Co-authored-by: Jeremy Apthorp <jeremya@chromium.org>
* chore: fix specs on windows
Co-authored-by: Jeremy Apthorp <jeremya@chromium.org>
* fix: let Node.js perform microtask checkpoint in the main process
* fix: don't specify v8::MicrotasksScope for explicit policy
* fix: remove checkpoint from some call-sites
We already perform checkpoint at the end of a task,
either through MicrotaskRunner or through NodeBindings.
There isn't a need to add them again when calling into JS
except when dealing with promises.
* fix: remove checkpoint from some call-sites
We already perform checkpoint at the end of a task,
either through MicrotaskRunner or through NodeBindings.
There isn't a need to add them again when calling into JS
except when dealing with promises.
* fix incorrect specs
* default constructor arguments are considered for explicit mark
* add regression spec
* refactor: port window.open and window.opener to use ctx bridge instead of hole punching
* refactor: only run the isolated init bundle when webview is enabled
* chore: add deprecation warning on setting app.allowRendererProcessReuse to false
* fix: no deprecation warnings in process reuse spec
* chore: add test for new deprecate removeProperty behavior
* docs: add references to app.whenReady() in isReady
* refactor: prefer app.whenReady()
In the docs, specs, and lib, replace instances of `app.once('ready')`
(seen occasionally) and `app.on('ready')` (extremely common) with
`app.whenReady()`.
It's better to encourage users to use whenReady():
1. it handles the edge case of registering for 'ready' after it's fired
2. it avoids the minor wart of leaving an active listener alive for
an event that wll never fire again
* chore: bump chromium in DEPS to a1ea0d7aedd6b5fe58fbabfa3b05aa8ee41304ff
* update patches
* update extensions code
* Remove WebPoint
https://chromium-review.googlesource.com/c/chromium/src/+/2007474
* fix build
* chore: bump chromium in DEPS to 9351e26c2a3714f8bbb10789c71bb51b0b494c75
* update patches
* Remove error description from the DidFailLoadWithError message
https://chromium-review.googlesource.com/c/chromium/src/+/2011280
* Make SimpleNetworkHintsHandlerImpl use the right NetworkIsolationKey
https://chromium-review.googlesource.com/c/chromium/src/+/1994430
* Rename libgtkui to gtk
https://chromium-review.googlesource.com/c/chromium/src/+/2011683
* [metrics] Remove histogram Startup.WarmStartTimeFromRemoteProcessStart*.
https://chromium-review.googlesource.com/c/chromium/src/+/2003211
* fix requestSingleInstanceLock test
* chore: bump chromium in DEPS to a813567a4f17ea08292c2b26fa10d0ffd47010d9
* chore: bump chromium in DEPS to f0aca2de536ceecd6eb66e928051d11e6d11991f
* chore: bump chromium in DEPS to 865556af6d0c9d990f5b1816cb792f7c3859667b
* chore: bump chromium in DEPS to 98538fdd28c4b6692e4cc2839729bb7ac009586a
* update patches
* fix broken tests
* Update node tests for v8 changes
* Update node patches for test failures
* Update for number of tests
Co-authored-by: Jeremy Apthorp <nornagon@nornagon.net>
Co-authored-by: John Kleinschmidt <jkleinsc@github.com>
* fix: restore parts of original ResourceRequestBody V8 conversion
Restore some of the original conversion logic in order to fix target=_blank post form submissions.
* test: add test for POST form submission
* fix: explicitly resize the contents when exiting html fullscreen while in OS fullscreen
* test: ensure HTML fullscreen toggles while in OS fullscreen
* refactor: use v8 serialization for ipc
* cloning process.env doesn't work
* serialize host objects by enumerating key/values
* new serialization can handle NaN, Infinity, and undefined correctly
* can't allocate v8 objects during GC
* backport microtasks fix
* fix compile
* fix node_stream_loader reentrancy
* update subframe spec to expect undefined instead of null
* write undefined instead of crashing when serializing host objects
* fix webview spec
* fix download spec
* buffers are transformed into uint8arrays
* can't serialize promises
* fix chrome.i18n.getMessage
* fix devtools tests
* fix zoom test
* fix debug build
* fix lint
* update ipcRenderer tests
* fix printToPDF test
* update patch
* remove accidentally re-added remote-side spec
* wip
* don't attempt to serialize host objects
* jump through different hoops to set options.webContents sometimes
* whoops
* fix lint
* clean up error-handling logic
* fix memory leak
* fix lint
* convert host objects using old base::Value serialization
* fix lint more
* fall back to base::Value-based serialization
* remove commented-out code
* add docs to breaking-changes.md
* Update breaking-changes.md
* update ipcRenderer and WebContents docs
* lint
* use named values for format tag
* save a memcpy for ~30% speedup
* get rid of calls to ShallowClone
* extra debugging for paranoia
* d'oh, use the correct named tags
* apparently msstl doesn't like this DCHECK
* funny story about that DCHECK
* disable remote-related functions when enable_remote_module = false
* nits
* use EnableIf to disable remote methods in mojom
* fix include
* review comments
* feat: enable picture in picture mode for video tags
* test: add test to verify picture in picture support
* lint: fix indent
* fix: clean up after rebase
* test: update test with 16:9 test video
* fix: .paches after rebase
* fix: don't handle browser messages before document element is created
* fix: bind ElectronApiServiceImpl later
DidCreateDocumentElement is called before the ElectronApiServiceImpl
gets bound.
* chore: add comment
* fix: disable remote host nodeIntegration warning for localhost
In warnAboutNodeWithRemoteContent(), add a check to see if the hostname
is "localhost" and prevent the warning message if it is.
* fix: disable loading insecure resources warning for localhost
In warnAboutInsecureResources(), filter out resources from localhost
since they are most likely not a threat.
* test: add tests for ignoring security warnings when using localhost
Add tests for ignoring warning messages for the following scenarios:
1. node integration with remote content from localhost
2. loading insecure resources from localhost
* test: fix insecure resource test
* test: pass nodeIntegration with remote test on did-finish-load
* test: maybe fix node integration test (error w/ conv circular struct)
* test: update test description
* test: use "load" event to check when nodeIntegration test has finished
Instead of relying on the "did-finish-load" event, which may result in
a race condition, add an "onload" handler that logs "loaded" to the
console. This will execute _after_ the nodeIntegration check, so it
can be safely used as a signal to indicate that the test is done.
* test: rename base-page-security-load-message.html
* fix: ignore enabled remote module warning for localhost
* refactor: add isLocalhost()
* Initial changes to use crashpad for windows
* Remove crashpad patch
* Report error when failed to connect pipe
* Allow crashpad to communicate with named pipe
* Add patch to make crashpad named pipe work
* Windows also needs crashReporter on main process
* Call SetUnhandledExceptionFilter in node process
Node can also use crash reporter.
* Do not treat node process as browser process
* No more need to manually start crash service
* Use base::StringPrintf for better readbility
* Print error when pipe name not available
* Make sure pipe name is updated
Note that the crashpad may be started after renderer process gets
created.
* Fix some tests
* Update node
* Exclude crashpad files on Linux and MAS
* Fix lint warning
* Remove unused checks
* kCrashpadPipeName is only available on Windows
* Fix uploadToServer tests
* Fix extra params tests
* Fix getCrashesDirectory tests
* Run crashReporter tests on CI
* Style fixes
* Update crashreporter docs
* Rename InitBreakpad to Init
* Add comment for process_type_.empty() and UTF16ToASCII to UTF16ToUTF8.
* Update build.gn include crashpad headers
* Address comment https://github.com/electron/electron/pull/18483#discussion_r290887898
* Avoid using api::WebContents
* Put kRunAsNode in atom_constants
* Remove duplicate settings on upload params
* Fix building on macOS
* Update description for crashpad_pid_check.patch
* Get a site instance related to current one instead of creation a new one
Using `GetRelatedSiteInstance` will keep the relation (same browsing instance) between the current and the new site instance.
* Some relies on preloads in opened window
The fact that, now, we always have an opener for opened windows diables note integration in opened windows, except if `nodeIntegrationInSubFrames` is enabled.
* Add a test on window.opener after cross-orgin navigation
* Make sure to unregisterProtocol in tests
* Introduc and use a NetworkSandbox for tests
* Modify tests about zoom persistence to properly simulate cross-origin navigation
* Revert "Modify tests about zoom persistence to properly simulate cross-origin navigation"
This reverts commit 0a7537f2eb7f183ddec16637e8a2e92a0d600321.
* chore: allow conditional disable of the site instance override patches at runtime
* feat: add app.allowRendererProcessReuse property to allow runtime disable of site instance overrides
spec: add tests for the new allowRendererProcessReuse property
feat: add console warnings / errors for loading non context-aware native modules
* Only error if the patch is disabled
* Warn all the time, this will ship in Electron 7
* fix: ensure the inspector agent is shutdown before cleaning up the node env
* spec: add tests to ensure clean shutdown with connected inspector agent
* Update node_debugger.cc
* spec: add tests for the autoUpdater on macOS that actually test if it works
* spec: add express as dep
* spec: add logic to auto-trust self-signed certificate and not run autoupdate specs on MAS
* build: fix the step name for importing the codesign cert
* chore: update updater spec PR as per feedback
* fix: s/atomBinding/electronBinding
* build: use spawn instead of exec
* test: add test for second-instance event parameter
* robustify getting data from child process
* fix test on windows
* fix lint
* Update api-app-spec.js
* fix package-lock.json
* feat: add support for content scripts 'all_frames' option
* merged content script tests
'all_frames' test now runs on all variants of sandbox/contentIsolation configurations :D
* Add content script injector to sandboxed renderer
* Fix 'getRenderProcessPreferences' binding to the wrong object
* Pass getRenderProcessPreferences to content-scripts-injector
* Emit document-start and document-end events in sandboxed renderer
* Use GetContext from RendererClientBase
* Prevent script context crash caused by lazily initialization
* Remove frame filtering logic for onExit callback
Since we're keeping track of which frames we've injected the bundle into, this logic is redundant.
* Add initial content script tests
* Add contextIsolation variants to content script tests
* Add set include
* Fix already loaded extension error
* Add tests for content scripts 'run_at' options
* Catch script injection eval error when CSP forbids it
This can occur in a rendered sandbox when a CSP is enabled. We'll need to switch to using isolated worlds to fix this.
* Fix content script tests not properly cleaning up extensions
* Fix lint and type errors
* feat: promisify the Cookie API
* chore: update specs to test promisified cookies
* chore: add deprecate wrapper for cookie callback API
* docs: update docs to cookie promise changes
* chore: remove redundant namespace use
* docs: improve cookie example
* docs: restore docs for cookie callback API
* chore: restore cookie callback tests
* fix: syntax of cookie promise return types
* feat: add support for node / preloads in subframes
This feature has delibrately been built / implemented in such a way
that it has minimum impact on existing apps / code-paths.
Without enabling the new "nodeSupportInSubFrames" option basically none of this
new code will be hit.
The things that I believe need extra scrutiny are:
* Introduction of `event.reply` for IPC events and usage of `event.reply` instead of `event.sender.send()`
* Usage of `node::FreeEnvironment(env)` when the new option is enabled in order to avoid memory leaks. I have tested this quite a bit and haven't managed to cause a crash but it is still feature flagged behind the "nodeSupportInSubFrames" flag to avoid potential impact.
Closes#10569Closes#10401Closes#11868Closes#12505Closes#14035
* feat: add support preloads in subframes for sandboxed renderers
* spec: add tests for new nodeSupportInSubFrames option
* spec: fix specs for .reply and ._replyInternal for internal messages
* chore: revert change to use flag instead of environment set size
* chore: clean up subframe impl
* chore: apply suggestions from code review
Co-Authored-By: MarshallOfSound <samuel.r.attard@gmail.com>
* chore: clean up reply usage
* chore: fix TS docs generation
* chore: cleanup after rebase
* chore: rename wrap to add in event fns
Unify the behavior between default app and packaged apps:
- create default application menu unless the app has one
- default window-all-closed handling unless the app handles the event
* fix: emit IPC event in correct context if isolation and sandbox enabled
IPC events were not being delivered to renderer processes when both
`contextIsolation` and `sandbox` were enabled. This is because the
`AtomSandboxedRenderFrameObserver` class was incorrectly using the
`MainWorldScriptContext`, rather than conditionally selecting the
context based on if isolation was enabled.
Fixes#11922
* fix: use Chromium's determined new site instance as candidate when navigating.
When navigating to a new address, consider using Chromium's determined site instance
for the new page as it should belong to an existing browsing instance when the
navigation was triggered by window.open().
fixes 8100.
* Revert "fix: use Chromium's determined new site instance as candidate when navigating."
This reverts commit eb95f935654a2c4d4457821297670836c10fdfd5.
* fix: delegate site instance creation back to content when sandboxed.
* fix: ensure site isolation is on
* test: adapt ut for cross-site navigation
* fix: register pending processes during a navigation.
* refactor: dont call loadURL for a window constructed from an existing webContents.
* test: add sandboxed affinity UT's.
* fix: check affinity before deciding if to force a new site instance.
* chore: adapt subsequent patch.
* refactor: constify logically const methods.
* fix: do not reuse site instances when navigation redirects cross-site.
* test: ensure localStorage accessible after x-site redirect.
* test: adapt localStorage acess denied UT for site isolation.
* fix: do not send render-view-deleted for speculative frames.
* chore: amend tests after rebase.
* test: add ut for webContents' render-view-deleted emission
* fix: introduce current-render-view-deleted for current RVH's deletions.
Revert render-view-deleted to being emitted with any RVH's deletion.
current-render-view-deleted is emitted only when the RVH being deleted
is the current one.
* refactor: style and comments fixed.
* fix: backport patch that ensures that cookie store is always created
* fix: disable cookie encryption
* fix: flush the cookie store when NetworkContext shuts down
* test: add test for cookie store persistance
* Update patches/common/chromium/ensure_cookie_store.patch
Co-Authored-By: brenca <benecene@gmail.com>
* Update patches/common/chromium/ensure_cookie_store.patch
Co-Authored-By: brenca <benecene@gmail.com>
* fix: child window with nativeWindowOpen should disable node integration
* Revert "fix: do not enable node integration in child window if not enabled (#15076)"
This reverts commit 0252d7686c.
This patch is not needed anymore since we are force disabling node integration
for child windows.