Commit graph

405 commits

Author SHA1 Message Date
Milan Burda
0821edc843 refactor: cleanup web-frame-init.js (#14516)
* refactor: add error-utils.js

* fix exception handling for asyncWebFrameMethods

* remove dead code

* handle exceptions

* rename rehydratedError to deserializedError

* Revert "handle exceptions"

This reverts commit 396b179948b137f9e525e9ebba4f7c6e9bf19429.
2018-09-11 19:56:00 +10:00
Milan Burda
38419e3a6a chore: address TODO for WebContents.prototype.setSize / reportRemovedAttribute removal (#14517)
* chore: remove WebContents.prototype.setSize

* chore: remove reportRemovedAttribute

* chore: remove unused fixtures
2018-09-11 17:58:57 +10:00
Cheng Zhao
92e094c5f6 fix: manually manage WebContents of webview when it is detached 2018-09-07 15:47:58 +09:00
Charles Kerr
c5820bfabb
fix: don't use deprecated fstatNoException API (#14463) 2018-09-06 13:06:32 -05:00
Cheng Zhao
10176c71ff
fix: webview.focus() should move page focus to webview (#14427) 2018-09-03 11:41:54 +09:00
Cheng Zhao
0ecea96048 fix: use flexbox to style webview (#14400)
* fix: use flexbox to style webview

* docs: remove notes on browserplugin based webview
2018-09-01 08:53:13 +12:00
Milan Burda
3a79eacb6f refactor: don't expose CallbacksRegistry as an internal module (#14389) 2018-08-31 11:29:00 -07:00
Samuel Attard
1b7418fb7b
Revert "sec: deprecate some webPreference defaults to be secure-by-default (#14284)" (#14380)
This reverts commit 66d6ba8689.
2018-08-30 09:57:49 +12:00
Samuel Attard
66d6ba8689 sec: deprecate some webPreference defaults to be secure-by-default (#14284)
* feat: deprecate default value of nodeIntegration

* Use DeprecationStatus::Stable as the default instead of shadowing

* change wording of deprecations

* chore: also deprecate kWebviewTag and kContextIsolation

* chore: do as we preach, lets be secure-by-default in the default app
2018-08-29 13:14:04 -05:00
John Kleinschmidt
865435c491
Merge pull request #14287 from electron/miniak/ipc-refactoring
refactor: move common logic to handleRemoteCommand (rpc-server.js)
2018-08-28 17:06:38 -04:00
Cheng Zhao
459a2304b4 fix: emit focus/blur events for webview (#14344)
* fix: emit focus/blur events for webview

* test: webview can emit focus event
2018-08-28 13:35:44 -05:00
Milan Burda
28e4fcea3b refactor: move common logic to handleRemoteCommand 2018-08-27 21:06:03 +02:00
Milan Burda
c23e7fa101 refactor: implement ipcRenderer.sendTo in native code for better performance (#14285) 2018-08-24 14:14:39 -07:00
Cheng Zhao
6736d4ef29
fix: do not bubble up resize event from webview (#14271) 2018-08-23 15:42:35 +09:00
Cheng Zhao
cd8bb1d3b4
chore: print error when removed webview attribute is used (#14230)
* chore: print error when removed webview attribute is used

* docs: document removed webview features
2018-08-23 10:45:43 +09:00
Cheng Zhao
dd5b8769be fix: use OOPIF for webview tag (#13869)
* fix: use OOIF for webview tag

* fix: do not call GetNativeView for webview

* fix: OOIPF webview's WebContents is managed by embedder frame

* fix: guest view can not be focused

* fix: clear zoom controller when guest is destroyed

* fix: implement the webview resize event

The webview is no longer a browser plugin with the resize event, use
ResizeObserver instead.

* test: disable failed tests due to OOPIF webview

* fix: embedder can be destroyed earlier than guest

This happens when embedder is manually destroyed.

* fix: don't double attach

* fix: recreate iframe when webview is reattached

* fix: resize event may happen very early

* test: some tests are working after OOPIF webview

* chore: remove unused browser plugin webview code

* fix: get embedder via closure

When the "destroyed" event is emitted, the entry in guestInstances would be
cleared.

* chore: rename browserPluginNode to internalElement

* test: make the visibilityState test more robust

* chore: guestinstance can not work with OOPIF webview

* fix: element could be detached before got response from browser
2018-08-16 15:57:40 -07:00
Charles Kerr
29f07889e6
feat: add location url to "Node.js Integration with Remote Content" warning (#13973)
* docs: fix typo

* feat: add location url to Node+Remote warning
2018-08-07 20:40:21 -05:00
Cheng Zhao
305e3aad40
refactor: remove private webContents.getId() API (#13674) 2018-07-23 18:08:36 +09:00
Cheng Zhao
9d6f1a372e
fix: create WebContents for webview on request (#13713) 2018-07-21 11:11:28 +09:00
Cheng Zhao
e2029435c4 fix: use context counter as contextId
For sandboxed renderer it may not have a node::Environment in the context,
using a increasing counter as contextId works for all cases.
2018-07-19 11:00:10 -07:00
Shelley Vohr
6045d1218a
refactor: remove experimentalCanvasFeatures property (#13684) 2018-07-16 13:32:42 -07:00
Felix Rieseberg
deedf6c3f4 feat: Add isCurrentlyAudible() to WebContents (#13614)
* 🔧 Add isCurrentlyAudible() to WebContents

* ❤️ Implement feedback, use await to wait for event

* 👷 Add missing imports
2018-07-12 21:35:11 +10:00
Cheng Zhao
4cdb1b8fc3 fix double-freeing remote references
After the page does navigations, garbage collection can still happen in
the old context. This commit changes to store references to remote objects
by _pages_, instead of by _WebContents_.
2018-07-12 10:44:26 +09:00
deepak1556
7b47d69efe Remove did-get-response-details and did-get-redirect-request events
https://chromium-review.googlesource.com/c/chromium/src/+/805008
https://chromium-review.googlesource.com/c/chromium/src/+/786320
2018-06-19 11:49:41 +10:00
Alexey Kuzmin
dee9aef975 Add "enable_desktop_capturer" build flag (#13133)
* Make it possible to disable a module for a renderer

* Put DesktopCapturer API under a build flag

The name is "enable_desktop_capturer".
Enabled by default.
2018-06-13 11:15:34 -05:00
Thiago de Arruda
6ff111a141 perf: don't use JSON to send the result of ipcRenderer.sendSync. (#8953)
* Don't use JSON to send the result of `ipcRenderer.sendSync`.

- Change the return type of AtomViewHostMsg_Message_Sync from `base::string16`
  to `base::ListValue`
- Adjust lib/browser/api/web-contents.js and /lib/renderer/api/ipc-renderer.js
  to wrap/unwrap return values to/from array, instead of
  serializing/deserializing JSON.

This change can greatly improve `ipcRenderer.sendSync` calls where the return
value contains Buffer instances, because those are converted to Array before
being serialized to JSON(which has no efficient way of representing byte
arrays).

A simple benchmark where remote.require('fs') was used to read a 16mb file got
at least 5x faster, not to mention it used a lot less memory.  This difference
tends increases with larger buffers.

* Don't base64 encode Buffers

* Don't allocate V8ValueConverter on the heap

* Replace hidden global.sandbox with NodeBindings::IsInitialized()

* Refactoring: check NodeBindings::IsInitialized() in V8ValueConverter

* Refactor problematic test to make it more reliable

* Add tests for NaN and Infinity
2018-06-13 17:38:31 +10:00
Charles Kerr
b89fe86fa1
Merge pull request #13050 from electron/3.0.0-deprecations
chore: removal of 3.0.0 deprecations
2018-05-30 09:25:36 +02:00
Milan Burda
4cfe5ecaa4 add proper support for typed arrays in remote (#13055) 2018-05-24 21:05:46 +09:00
Shelley Vohr
322a303683
address changes from review 2018-05-23 15:57:58 -07:00
Shelley Vohr
5f5322c64e
rename blinkFeatures to enableBlinkFeatures 2018-05-23 14:01:34 -07:00
Thiago de Arruda
6f076f7433 Refactor sandbox preload initialization. (#12877)
Use a single synchronous IPC call to retrieve data required by early
sandbox scripts. This has two purposes:

- Optimize preload script initialization by:
  - Using one synchronous IPC call to retrieve preload script,
  webContentsId (more on that later), process.{platform,execPath,env}
  - Lazy loading as many modules as possible.
- Fix #12316 for sandbox. @MarshallOfSound addressed the issue in
  #12342, but it was still present in sandbox mode. By loading
  webContentsId very early and skipping remote module at early
  startup, we fix it for sandbox.
2018-05-21 22:56:05 +10:00
biuuu
86d023b02f fix: listeners out of limit warning (#12841)
When the Chrome Extension has too many content scripts (above default
10 counts), there will be a warning: possible EventEmitter memory leak
detected. 11 listeners added.
2018-05-08 14:10:11 +09:00
bughit
55a7f6f0ce add did-frame-navigate event to WebContents (#12723)
* add did-frame-navigate event to WebContents, pass http response code to it and did-navigate

* docs for frame routing id related api changes on WebFrame and WebContents
2018-05-01 13:34:41 +09:00
bughit
4fcd178c36 expose WebFrame#routingId (#12614)
* expose WebFrame#routingId and pass it to WebContents frame specific events along with frameProcessId; add WebContets.did-start-navigation event
* fix compilation error on ia32 Windows
2018-04-26 19:17:55 +09:00
Tatsuya Hiroishi
9c65abd746 handle remote exception (#12694)
* add cause property to exception in callFunction

* update exceptionToMeta function

* add sender argument
* and cause property to return value

* update exception convert in metaToValue function

* add from and cause properties to the exception error

* unit test for remote exception
2018-04-24 08:40:19 -04:00
Nitish Sakhawalkar
2579071b98 Deprecate did-get-response-details and did-get-redirect-request (#12615)
* Deprecate webContents events did-get-response-details and did-get-redirect-request.

* Update guest view files

* Update webview tag docs and update specs

* Update deprecate.event function

* Update comment

* Update more

* Update documentation for other deprecated event
2018-04-23 14:46:12 -05:00
Jeremy Apthorp
97fb15ac49 Enable WebFrame method forwarding in sandboxed renderers (#12538)
* Enable WebFrame method forwarding in sandboxed renderers

Fixes #9073

* Non-change to kick CI
2018-04-12 11:57:40 +10:00
Andrew MacDonald
6bfb122cd1 Add a display_id parameter to the desktopCapturer API. (#12417)
* Add a screen_api_id parameter to the desktopCapturer API.

When using the DirectX capturer on Windows, there was previously no way
to associate desktopCapturer/getUserMedia and electron.screen API
screens. This new parameter provides the association.

* Fix non-Windows build.

* Fix Mac.

* Fix Mac harder.

* JS lint

* clang-format C++ code.

* IWYU

* display_id, Linux comment, better test

* lint

* Fix tests on Linux.

* Add display_id documentation.
2018-04-09 14:43:35 +09:00
Samuel Attard
0ac883c6d4
Remove the race condition between new process creation and context release (#12342)
* Remove the race condition between new process creation and old process releasing remote context

Previously there was a race condition where the getId() method would return the new context ID even
though the release was for the old context.  This changes it to send the "initial" context ID with
the release message to ensure there is no race.

* fetch context ID from remote in sandbox mode
2018-03-20 15:54:47 +11:00
Felix Rieseberg
243ab45111 🔧 Fix security warning (#12309) 2018-03-16 06:21:38 +09:00
Charles Kerr
c2673aa970 Set appropriate defaults for webview options (#12271)
* Persist defaults to webPreferences object to JS land can read the inferred values instead of just user defined values

* Test inherited default propogation

* Refactor to remove coupling from fetching values and defaults

* Test description type

* Fix up tests
2018-03-15 13:56:46 +09:00
Shelley Vohr
9aeb61181a Fix require on network share path (#12282)
* first pass at server/network require fix

* refactor for clarity
2018-03-15 11:45:13 +09:00
Felix Rieseberg
71795ecc62 fix: Incorrect warnings in webviews (#12234)
* 🔧 Get correct webContents

* 🔧 Err, webPreferences
2018-03-13 10:55:32 +09:00
Samuel Attard
795447f61a Implement dialog (alert/confirm) blocking as a user switch after the first dialog
* This is to enable more browser-like behavior so that users who run third-party code
  will not be DOS'ed with alerts and confirms.  This is already handled like this
  in most major browsers so this will greatly help these developers
2018-03-06 11:19:15 +09:00
John Kleinschmidt
2a97e48465
Merge pull request #11968 from electron/refactor-menu-popup
Refactor menu.popup
2018-02-21 14:29:52 -05:00
Charles Kerr
708f39a1a5 update a few menu.popup() calls to use the new API 2018-02-20 14:02:24 -06:00
Shelley Vohr
211b542ae4
remove setZoomLevelLimits 2018-02-20 08:57:48 -05:00
Felix Rieseberg
d586ef2f39 feature: Hot security tips (#11810)
* 🔧 Add security issue detection (and logs)

* 🔧 Check for it on load

* 👷 Add some tests

* 👷 Make the linter happy

* 🔧 Allow them to be enabled by force

* 📝 Make message slightly prettier

* 🔧 Fix a typo in the code comment

* 🔧 Classic mistake

* 🚀 Optimize things a bit more

* 👷 Add tests, fix tests

* 📝 Document things

* 🔧 Make linter happy

* 🔧 One more piece of cleanup
2018-02-03 07:50:12 -07:00
Shelley Vohr
b74304145e
createShadowRoot => attachShadow 2018-01-31 19:29:23 -05:00
Zhuo Lu
d45914c3f7 MenuItem roles camelCase-compatible 2017-12-28 13:28:20 +08:00
Cheng Zhao
cb3a9c69ab Add a SessionPreferences to manage session related data
By design the BrowserClient should not be aware of the api:: classes.
2017-12-05 15:59:15 +09:00
Samuel Attard
d9359d8b6c s/global/session in constants 2017-12-05 11:35:53 +09:00
Samuel Attard
d2707315e6 s/global/session 2017-12-05 11:35:53 +09:00
Samuel Attard
0ddd078aaf Add ability to set global preload scripts 2017-12-05 11:35:27 +09:00
Cheng Zhao
59476f0b30 Create webContents for webview even when src is not set 2017-12-01 10:35:23 +09:00
Felix Rieseberg
f7d6e3fa7b 🔧 Disable standard/no-callback-literal where necessary 2017-11-23 13:53:03 -08:00
Charles Kerr
5eb00e45aa
Merge pull request #11158 from electron/execute-errors
fix: Pass on errors thrown in `executeJavaScript`
2017-11-20 09:14:05 -06:00
Ronald Eddy
14c6e78147 Update electron.atom.io -> electronjs.org
Update electron.atom.io -> electronjs.org to reduce redirects and speed navigation.
2017-11-19 04:01:33 -08:00
Felix Rieseberg
1dea186a6e :thinking_face: What if you could return an Error? 2017-11-18 00:50:53 -08:00
Shelley Vohr
8736a41cfb
Merge pull request #10909 from electron/update_remote
Simplify and remove excess code from remote module
2017-11-03 09:16:28 -04:00
Shelley Vohr
803fa35484
fix null value check 2017-11-03 08:47:21 -04:00
Shelley Vohr
2b2c7d7f9f
fix object serialization test issue 2017-11-02 21:29:17 -04:00
Shelley Vohr
5c318932c2
add some structural changes 2017-11-02 21:07:40 -04:00
Charles Kerr
1c09dede1a singletons that are retroactively turned into EventEmitters should call the EventEmitter ctor 2017-11-01 23:05:27 -05:00
John Kleinschmidt
beb06c0787 Merge pull request #10537 from qazbnm456/improve-content_scripts.css
[Security] Use textContent instead innerHTML to remediate DOM based XSS
2017-10-26 11:51:43 -04:00
Shelley Vohr
5f6f117bad
changes from review 2017-10-25 23:41:11 -04:00
Shelley Vohr
d4880b135a
revert ipc lookup table 2017-10-25 15:36:16 -04:00
Shelley Vohr
c0f2a7b44a
fix standard issues 2017-10-25 09:56:02 -04:00
Shelley Vohr
f129622446
clean up remote 2017-10-25 09:51:21 -04:00
Shelley Vohr
7593bec687
update reviewed items 2017-10-24 19:36:06 -04:00
Shelley Vohr
b58ceae69c
appease linter gods 2017-10-24 12:28:15 -04:00
Shelley Vohr
43e118fe45
update desktop capturer and remove unnessary vars 2017-10-24 12:01:51 -04:00
Felix Rieseberg
2bd8877be3 🔧 String comparison 2017-10-07 08:26:32 -07:00
Felix Rieseberg
63749e281d 🔧 Linters gotta lint 2017-10-06 13:36:54 -07:00
Felix Rieseberg
11ac780caf 🔧 Add security warning 2017-10-06 13:02:54 -07:00
Boik
16499358b3 fix lint 2017-09-17 14:09:12 +08:00
Boik
d86724f17a code improvement 2017-09-17 13:56:22 +08:00
Boik
26e6f2c46c use textContent instead innerHTML to remediateDOM based XSS vulnerbilities 2017-09-17 11:27:03 +08:00
Alexandre Lachèze
e1a232e7c8 Add support for css in content_scripts 2017-09-14 17:23:33 +09:00
Cheng Zhao
bd87982b5c Merge pull request #10075 from alexstrat/fix/fix-content_scripts-match
Fix content scripts matches
2017-07-24 15:27:55 +09:00
Cheng Zhao
25f168cecb Merge pull request #9951 from alexstrat/fix-chrome-storage
Fix chrome storage access scope
2017-07-24 14:01:15 +09:00
Alexandre Lachèze
a2ba4e0a6a fix content scripts matches 2017-07-20 20:01:49 +02:00
Alexandre Lachèze
498f344e2e Correct mkdir 2017-07-20 19:50:55 +02:00
Kevin Sawicki
553021bc9c Only assign opener when not using nativeWindowOpen 2017-07-17 11:55:15 -07:00
Alexandre Lachèze
ec8407c65d Recursively mkdir the parent directories 2017-07-11 00:56:45 +02:00
Alexandre Lachèze
c85f3cbd2c Change storage implementation to async 2017-07-11 00:35:53 +02:00
Alexandre Lachèze
9aac8967aa 👕 2017-07-10 23:56:44 +02:00
Alexandre Lachèze
969c74b886 Use es6 string templating 2017-07-10 23:50:59 +02:00
Alexandre Lachèze
73e8769b1f content_scripts[].matches use the URL without hash part 2017-07-07 04:14:36 +02:00
Alexandre Lachèze
ec10338364 Per-extension storage 2017-07-07 03:13:19 +02:00
Alexandre Lachèze
d2002ff3fc Use a file as Chrome Storage rather than localStorage 2017-07-07 03:06:53 +02:00
Birunthan Mohanathas
7d2226e05e Let Chromium manage document.visibilityState and document.hidden
Chromium already includes the necessary plumbing to manage the
visibility properties and `visibilitychange` event so this gets rid of
most of our custom logic for `BrowserWindow` and `BrowserView`.

Note that `webview` remains unchanged and is still affected by the issues
listed below.

User facing changes:

- The `document` visibility properties and `visibilitychange` event are
  now also updated/fired in response to occlusion changes on macOS. In
  other words, `document.visibilityState` will now be `hidden` on macOS
  if the window is occluded by another window.

- Previously, `visibilitychange` was also fired by *both* Electron and
  Chromium in some cases (e.g. when hiding the window). Now it is only
  fired by Chromium so you no longer get duplicate events.

- The visiblity state of `BrowserWindow`s created with `{ show: false }`
  is now initially `visible` until the window is shown and hidden.

- The visibility state of `BrowserWindow`s with `backgroundThrottling`
  disabled is now permanently `visible`.

This should also fix #6860 (but not for `webview`).
2017-06-06 15:16:01 -07:00
Kevin Sawicki
a285a3e64b Default webviewTag to false 2017-05-17 14:01:45 -07:00
Kevin Sawicki
bde13353fb Rename option to webviewTag and default to nodeIntegration value 2017-05-17 13:12:23 -07:00
Kevin Sawicki
837ea884de Merge remote-tracking branch 'origin/master' into enable-webview 2017-05-17 12:45:29 -07:00
Thiago de Arruda
6b5bd3b6ce Fix how rpc-server releases references after page reload
In addition to listening for "render-view-deleted", listen for
"ELECTRON_BROWSER_CONTEXT_RELEASE" synchronous message, which is sent by the
remote module when the page is about to be navigated.

This is required to allow child windows running in the same renderer to
correctly manage remote object references, since `render-view-deleted` is only
called when the renderer exits.

Close #9387
2017-05-16 09:05:52 -03:00
HariJ
a05eb9047e Fixing missed variable name 2017-05-08 18:50:20 -07:00
Hari Krishna Reddy Juturu
3321f7d39c Changing command line option name 2017-05-08 17:27:31 -07:00
Hari Krishna Reddy Juturu
94d054cf11 Add option to override webview security 2017-05-06 22:10:42 -07:00
Hari Krishna Reddy Juturu
b4a8ed01f1 PR 44648: Enabling creation on webview with node-integration disabled and raising events
- Enabling creation on webview with node-integration disabled and raising events

Conflicts:
	lib/browser/guest-view-manager.js
2017-05-06 20:50:01 -07:00