* feat: add a new contextBridge module
* chore: fix docs linting
* feat: add support for function arguments being proxied
* chore: ensure that contextBridge can only be used when contextIsolation is enabled
* docs: getReverseBinding can be null
* docs: fix broken links in md file
* feat: add support for promises in function parameters
* fix: linting failure for explicit constructor
* Update atom_api_context_bridge.cc
* chore: update docs and API design as per feedback
* refactor: remove reverse bindings and handle GC'able functions across the bridge
* chore: only expose debugGC in testing builds
* fix: do not proxy promises as objects
* spec: add complete spec coverage for contextBridge
* spec: add tests for null/undefined and the anti-overwrite logic
* chore: fix linting
* spec: add complex nested back-and-forth function calling
* fix: expose contextBridge in sandboxed renderers
* refactor: improve security of default_app using the new contextBridge module
* s/bindAPIInMainWorld/exposeInMainWorld
* chore: sorry for this commit, its a big one, I fixed like everything and refactored a lot
* chore: remove PassedValueCache as it is unused now
Values transferred from context A to context B are now cachde in the RenderFramePersistenceStore
* chore: move to anonymous namespace
* refactor: remove PassValueToOtherContextWithCache
* chore: remove commented unused code blocks
* chore: remove .only
* chore: remote commented code
* refactor: extract RenderFramePersistenceStore
* spec: ensure it works with numbered keys
* fix: handle number keys correctly
* fix: sort out the linter
* spec: update default_app asar spec for removed file
* refactor: change signatures to return v8 objects directly rather than the mate dictionary handle
* refactor: use the v8 serializer to support cloneable buffers and other object types
* chore: fix linting
* fix: handle hash collisions with a linked list in the map
* fix: enforce a recursion limit on the context bridge
* chore: fix linting
* chore: remove TODO
* chore: adapt for PR feedback
* chore: remove .only
* chore: clean up docs and clean up the proxy map when objects are released
* chore: ensure we cache object values that are cloned through the V8 serializer
* refactor: bundle the browser and renderer process electron code
* Bundles browser/init and renderer/init
* Improves load performance of main process by ~40%
* Improves load performance of renderer process by ~30%
* Prevents users from importing our "requiring" our internal logic such
as ipc-main-internal. This makes those message buses safer as they are
less accessible, there is still some more work to be done though to lock
down those buses completely.
* The electron.asar file now only contains 2 files, as a future
improvement maybe we can use atom_natives to ship these two files
embedded in the binary
* This also removes our dependency on browserify which had some strange
edge cases that caused us to have to hack around require-order and
stopped us using certain ES6/7 features we should have been able to use
(async / await in some files in the sandboxed renderer init script)
TLDR: Things are faster and better :)
* fix: I really do not want to talk about it
* chore: add performance improvements from debugging
* fix: resolve the provided path so webpack thinks it is absolute
* chore: fixup per PR review
* fix: use webpacks ProvidePlugin to keep global, process and Buffer alive after deletion from global scope for use in internal code
* fix: bundle worker/init as well to make node-in-workers work
* chore: update wording as per feedback
* chore: make the timers hack work when yarn is not used
* spec: replace assert with expect in api-browser-view-spec.js
* spec: replace assert with expect in api-touch-bar-spec.js
* spec: replace assert with expect in api-web-frame-spec.js
* spec: replace assert with expect in api-web-contents-view-spec.js
* spec: replace assert with expect in security-warnings-spec.js
* spec: replace assert with expect in api-menu-item-spec.js
* spec: replace assert with expect in api-web-request-spec.js
* spec: replace assert with expect in api-remote-spec.js
* spec: replace assert with expect in api-session-spec.js
* spec: replace assert with expect in api-system-preferences-spec.js
* spec: replace assert with expect in api-browser-window-spec.js
* spec: replace assert with expect in webview-spec.js
* spec: replace assert with expect in api-net-spec.js
* spec: replace assert with expect in api-protocol-spec.js
* spec: replace assert with expect api-web-contents-spec.js
* spec: replace assert with expect in api-shell-spec.js
* spec: replace assert with expect in modules-spec.js
* spec: replace assert with expect in chromium-spec.js
* spec: replace assert with expect in api-crash-reporter-spec.js
* spec: replace assert with expect in asar-spec.js
* spec: rename assert-helpers to expect-helpers
* address PR feedback
* fix: add boringssl backport to support node upgrade
* fix: Update node_includes.h, add DCHECK macros
* fix: Update node Debug Options parser usage
* fix: Fix asar setup
* fix: using v8Util in isolated context
* fix: make "process" available in preload scripts
* fix: use proper options parser and remove setting of _breakFirstLine
_breakFirstLine was being set on the process, but that has changed in node 12 and so is no longer needed. Node will handle it properly when --inspect-brk is provided
* chore: update node dep sha
* fix: process.binding => _linkedBinding in sandboxed isolated preload
* fix: make original-fs work with streams
* build: override node module version
* fix: use _linkedBinding in content_script/init.js
* chore: update node ref in DEPS
* build: node_module_version should be 73
NodeJS implements `child_process.exec` by simply passing the whole
command to `child_process.execFile`. See:
- https://github.com/nodejs/node/blob/master/lib/child_process.js#L90
- https://github.com/nodejs/node/blob/master/lib/child_process.js#L99
Electron patches `child_process.execFile` to add support for `asar`
archives by injecting logic that extracts the required files from the
`asar` to a temporary location before delegating the work to the
original `child_process.execFile`.
In order to decide whether to inject the custom `asar` extracting logic,
Electron makes use of a helper function called `splitPath()`. See:
- https://github.com/electron/electron/blob/master/lib/common/asar.js#L37
If the first argument of the returned array equals `true`, means that
the path is considered to be an `asar` archive, and thus the extraction
logic takes place. The problem is that if the command passed to
`child_process.execFile` *contains* a path to an asar archive, padded
with other commands/arguments, `splitPath()` will consider it to be an
`asar` archive, and will try to extract it, throwing a rightfully
`Invalid package` error.
Fixes: https://github.com/electron/electron/issues/5571
Signed-off-by: Juan Cruz Viotti <jviottidc@gmail.com>
