Commit graph

641 commits

Author SHA1 Message Date
Samuel Attard
6df2680cb6
refactor: clean up webFrame implementation to use gin wrappers (#28497)
* refactor: clean up webFrame implementation to use gin wrappers

The previous implementation of webFrame in the renderer process leaked
sub-frame contexts and global objects across the context boundaries thus
making it possible for apps to either maliciously or accidentally
violate the contextIsolation boundary.

This re-implementation binds all methods in native code directly to
content::RenderFrame instances instead of relying on JS to provide a
"window" with every method request.  This is much more consistent with
the rest of the Electron codebase and is substantially safer.

* chore: un-re-order for ease of review

* chore: pass isolate around instead of ErrorThrower

* chore: fix rebase typo

* chore: remove unused variables
2021-04-12 16:35:18 -07:00
Shelley Vohr
95e26e2fd4
refactor: use URL API (#28583) 2021-04-09 14:22:18 -07:00
Milan Burda
da8c35e3b2
chore: remove deprecated worldSafeExecuteJavaScript option (#28456) 2021-04-08 12:03:57 -04:00
Milan Burda
55c66e3e92
chore: add types for electron_renderer_web_frame binding (#28455)
* chore: add types for electron_renderer_web_frame binding

* chore: use keyof for getWebPreference type

Co-authored-by: Samuel Attard <sattard@slack-corp.com>
2021-04-02 14:34:28 -07:00
Milan Burda
485fa5bea9
feat: add process.contextId used by @electron/remote (#28007) 2021-03-17 11:23:03 -07:00
Milan Burda
5b205731f6
chore: remove deprecated remote module (#25734)
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
2021-03-09 17:12:40 -08:00
Milan Burda
bf7e445883
fix: warning when worldSafeExecuteJavaScript is disabled (#27928) 2021-03-02 09:45:27 -08:00
Shelley Vohr
599f398ddc
fix: enableBlinkFeatures warning in webviews (#27753) 2021-02-18 11:11:35 -08:00
Jeremy Rose
706d9ede9b
refactor: only allow internal messages from the main process (#27676) 2021-02-09 17:12:26 -08:00
Milan Burda
79b3393768
chore: remove bunch of usages of any (#27512) 2021-01-29 12:41:59 -08:00
Milan Burda
64b7be751a
fix: CSP with unsafe-eval detection with Trusted Types (#27446) 2021-01-25 10:31:25 +09:00
Milan Burda
4a5c5843c4
fix: <webview> not working with Trusted Types (#27445) 2021-01-25 10:29:25 +09:00
Milan Burda
70190ec2b1
chore: update to latest TypeScript, which has built-in WeakRef declarations (#27425) 2021-01-22 11:25:47 -08:00
Milan Burda
8b74361b0c
refactor: store WeakMaps in CallbacksRegistry / ObjectsRegistry (#27037) 2021-01-20 14:03:10 -08:00
Samuel Attard
3db4e612f4
fix: handle security warnings promise when JS is disabled (#26837) 2020-12-07 10:58:00 -08:00
Nikita Kot
7672aa9525
feat: exposeInMainWorld allow to expose non-object APIs (#26594) 2020-12-04 09:43:20 -08:00
Milan Burda
b37982987a
chore: remove unused sendToAll + related APIs (#26771)
* chore: remove unused sendToAll + related APIs

* refactor: no need to args.ShallowClone() anymore
2020-12-03 15:55:50 +09:00
Milan Burda
022bafc485
chore: remove deprecated crashReporter APIs (#26695) 2020-11-26 22:07:40 +03:00
Milan Burda
c8d77cae4a
refactor: replace V8 hidden values with WeakMap / WeakSet (#26659) 2020-11-24 16:11:39 -05:00
Milan Burda
6932e02eb8
refactor: use getWebPreference() for all options (#26531) 2020-11-23 22:39:08 +03:00
Milan Burda
5ee9cc202b
fix: ensure that internal messages are sent from the main process (#26429) 2020-11-12 06:20:01 +03:00
loc
0b85fdf26c
feat: add webContents.setWindowOpenHandler API (#24517)
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
2020-11-10 09:06:03 -08:00
Jeremy Rose
34156c424c
fix: [webview] fix missing properties on events when contextIsolation: true (#26289) 2020-11-04 11:15:20 +09:00
Milan Burda
d25fa7b075
refactor: store <webview> attributes as typed Map (#26307) 2020-11-03 15:02:23 -08:00
Milan Burda
0c2e2bca92
refactor: don't send ipcRenderer.sendSync() returnValue as an array (#26178) 2020-10-28 18:48:20 +03:00
Milan Burda
2c68bad631
refactor: create IPC_MESSAGES enum for IPC message channels (#25694) 2020-10-14 00:11:06 +03:00
David Sanders
b194030a34
chore: cleanup some typos in comments (#25770) 2020-10-13 10:25:21 -07:00
Milan Burda
fb11a12d5b
refactor: replace a few any-s with proper types (#25681) 2020-10-08 03:01:23 +02:00
Milan Burda
db911f29ad
refactor: remove duplicate <webview> event list (#25697) 2020-10-06 15:11:26 +02:00
Milan Burda
8df4faa8f0
chore: cleanup typings/internal-electron.d.ts (#25711) 2020-10-02 04:52:29 +02:00
Jeremy Rose
822b044068
fix: suppress worldSafe warning emitted from security checks (#25692) 2020-10-01 08:59:52 -07:00
Jeremy Rose
9f4a097e03
feat: remove getMediaSourceIdForWebContents() (#25414)
This reverts commit 204f001c5d.
2020-09-14 10:38:05 -07:00
Jeremy Rose
dd781c4f63
chore: deprecate remote (#25293) 2020-09-10 09:17:17 -07:00
Samuel Maddock
860e14c0da
chore(extensions): remove old renderer code (#25347) 2020-09-08 20:11:38 +09:00
Samuel Attard
8baa9deccd
build: update to typescript 4 (#25091) 2020-08-24 11:23:25 -07:00
George Xu
beaf60de0a
feat: add nativeImage.createThumbnailFromPath API (#24802)
* initial commit, mac implementation

* add documentation

* convert createThumbnailFromPath to async function

* windows impl protoype

* add tests

* added test

* fix

* fix test

* clean up

* update docs

* cleaning up code

* fix test

* retrigger CI

* retrigger CI

* refactor from app to native_image

* windows build

* lint

* lint

* add smart pointers, fix test

* change tests and update docs

* fix test, remove nolint

* add renderer-main process routing to fix tests

* lint

* thanks sam

* thanks sam
2020-08-24 09:36:13 -07:00
Samuel Attard
b500294c1d
feat: add worldSafe flag for executeJS results (#24114)
* feat: add worldSafe flag for executeJS results

* chore: do not log warning for webContents.executeJS

* Apply suggestions from code review

Co-authored-by: Jeremy Rose <jeremya@chromium.org>

* chore: apply PR feedback

* chore: split logic a bit

* chore: allow primitives through the world safe checl

* chore: clean up per PR feedback

* chore: flip boolean logic

* chore: update per PR feedback

* chore: fix typo

* chore: fix spec

Co-authored-by: Jeremy Rose <jeremya@chromium.org>
2020-07-23 14:32:20 -07:00
Samuel Attard
f649e604be
build: tsify asar and move to webpack js2c pipeline (#24495)
* build: tsify asar and move to webpack js2c pipeline

* build: use the webpack provider for fs-wrapper
2020-07-16 11:38:31 -07:00
Jeremy Rose
36bd940bc3
refactor: ginify NativeImage (#24486) 2020-07-13 14:44:12 -07:00
Samuel Attard
ad16e6c647
build: update linting deps (#24461) 2020-07-08 21:19:49 -07:00
Shelley Vohr
659e79fc08
refactor: prevent consistent early exception (#24191)
* refactor: prevent consistent early exception

* Use _linkedBinding where possible

* Remove dead electronBinding
2020-06-22 20:32:45 -07:00
Jeremy Rose
379bb174e9
refactor: use WeakRef on renderer side of remote (#24037) 2020-06-12 15:50:03 -07:00
Jeremy Rose
7274467f73
refactor: tsify remote (#24034) 2020-06-11 11:36:03 -07:00
Jeremy Rose
78fe545d18
refactor: remove renderer-side refcount in remote (#24054) 2020-06-11 10:22:28 -07:00
Samuel Attard
969f46a48f
chore: remove IPC hiddens (#23720) 2020-06-02 02:33:06 -07:00
Shelley Vohr
e8ea007104
fix: ensure nativeImage serialization main->renderer (#23759) 2020-05-28 09:43:15 -07:00
Shelley Vohr
f78504515b
fix: handle asynchronous URL loading in bw proxy (#23776) 2020-05-27 13:50:54 -07:00
Jeremy Judeaux
204f001c5d
feat: add desktopCapturer.getMediaSourceIdForWebContents() to get stream source id from web contents (#22701)
* feat: add desktopCapturer.getMediaSourceIdForWebContents() to get stream source id from web contents

* Cleanup from #22701 PR comments
2020-05-26 16:34:24 -04:00
Shelley Vohr
762f7bcca2
refactor: use typeutils for nativeImage serialization (#23693) 2020-05-22 08:56:57 -07:00
Samuel Attard
e3c2ec9f7c
chore: remove unused isolated-world-args (#23716) 2020-05-21 20:11:58 -07:00
Milan Burda
df53816eea
feat: expose the desktopCapturer module in the main process (#23548) 2020-05-20 20:25:49 -04:00
Shelley Vohr
4b23a85475
refactor: correctly serialize nativeImage/buffer with typeUtils (#23666)
* refactor: correctly serialize nativeImage/buffer with typeUtils

* test: add serialization specs

* fix: construct from dataURL

* test: test for dataURL specificity
2020-05-20 13:42:42 -07:00
Shelley Vohr
ee0f67d541
fix: nativeImage remote serialization (#23543)
We weren't serializing nativeImages properly in the remote module, leading to gin conversion errors when trying to, for example, create a new context menu in the renderer with icons using nativeImage. This fixes that by adding a new special case to handle them.
2020-05-18 09:29:24 -07:00
Samuel Attard
9d7ba98209
refactor: remove the RenderFrameFunctionStore and use privates to memory manage (#23592) 2020-05-15 11:57:40 -07:00
Milan Burda
85fae67966
perf: use type-utils for desktopCapturer.getSources() result serialization (#23549) 2020-05-13 19:05:53 +02:00
Samuel Attard
7f9b7b2e95
chore: clean up context bridge scopes and add specs for internal bridge (#23334)
* chore: clean up context bridge context scopes

* spec: add specs for internalContextBridge
2020-05-11 13:41:42 -07:00
Milan Burda
392ea320cf
build: allow use of BUILDFLAG directives from within JS code (#20328) 2020-05-11 01:06:07 +02:00
Jeremy Apthorp
06bf0d08dc
fix: crashReporter incompatible with sandbox on Linux (#23265) 2020-05-07 13:31:26 -07:00
Robo
c438b93f18
fix: ensure guest-embedder map is updated when webview is removed (#23342)
There are use cases of webview where the container holding the webview is not
actually destroyed first, instead just webview gets removed from DOM, in such
situations the browser process map is not updated accordingly and holds reference
to stale guest contents, and any window operations like scroll, resize or keyboard
events that has to chain through browser embedder will lead to UAF crash.

Ref: https://github.com/microsoft/vscode/issues/92420
2020-04-30 21:33:14 -07:00
Jeremy Apthorp
8d0a612265
refactor: remove code for non-native extensions shim (#23340) 2020-04-30 09:38:09 -07:00
Samuel Attard
7377bb3736
fix: do not add 104 to the history length (#23301) 2020-04-27 15:53:47 -07:00
Samuel Attard
abe5cf398c
refactor: port window.open and window.opener to use ctx bridge instead of hole punching (#23235)
* refactor: port window.open and window.opener to use ctx bridge instead of hole punching

* refactor: only run the isolated init bundle when webview is enabled
2020-04-27 12:46:04 -07:00
Samuel Attard
8262f24fd8
fix: do not mutate ipc instances across contexts (#23236) 2020-04-22 16:36:15 -07:00
Samuel Attard
96bf9ce77f
refactor: port parts of window-setup to use ctx bridge instead of being run in the main world (#23194)
* refactor: port parts of window-setup to use ctx bridge instead of being run in the main world

* chore: update ctx bridge specs for new base numbers
2020-04-22 12:42:51 -07:00
Samuel Attard
b03bd8c45c
chore: rename atom things to electron things in our docs / scripts (#23100) 2020-04-13 14:32:29 -07:00
Jeremy Apthorp
b327478cf0
fix: prevent remote from messing with constructor names (#22820) 2020-03-25 13:13:10 -07:00
Samuel Attard
5d657dece4
build: enable JS semicolons (#22783) 2020-03-20 13:28:31 -07:00
Samuel Attard
b87b501161
build: update eslint + eslint plugins (#22777)
* build: run eslint --fix

* chore: manually fix all hasOwnProperty errors

* chore: manually fix all void 0 vs undefined errors

* chore: manually fix all async-in-promise errors

* chore: manually fix lexical declaration in case block
2020-03-20 11:12:18 -04:00
Samuel Attard
5e4e50c5eb
fix: remove bad usages of for-in and guard against it (#22616)
* fix: remove bad usages of for-in and guard against it

* Apply suggestions from code review

Co-Authored-By: Samuel Maddock <samuel.maddock@gmail.com>

* Apply suggestions from code review

Co-Authored-By: Jeremy Apthorp <jeremya@chromium.org>

* Update remote.js

Co-authored-by: Samuel Maddock <samuel.maddock@gmail.com>
Co-authored-by: Jeremy Apthorp <jeremya@chromium.org>
2020-03-17 13:17:55 -07:00
Jeremy Apthorp
b4d07f76d3
feat: MessagePorts in the main process (#22404) 2020-03-11 18:07:54 -07:00
Shelley Vohr
efc11563e8
fix: properly forward properties to webview (#22485) 2020-03-03 22:25:14 +00:00
Samuel Attard
360c1cad1b
chore: do not override history methods when rendererprocessreuse is enabled (#22335) 2020-02-24 12:14:11 -08:00
Jeremy Apthorp
602913cb4c
chore: rename node bindings atom => electron (#22176) 2020-02-14 06:25:39 -05:00
Jeremy Apthorp
b77f701aeb
feat: disable the remote module by default (#22091) 2020-02-10 10:49:09 -08:00
Jeremy Apthorp
ea89120c9e
chore: remove debugging log (#22093) 2020-02-07 12:31:08 -08:00
Jeremy Apthorp
2e1531ad90 feat: warn when remote is used without enableRemoteModule: true (#21546)
* feat: warn when remote is used without enableRemoteModule: true

* fix security warning
2020-01-13 15:23:03 +09:00
Milan Burda
31c93fec67 fix: load window-setup in sandboxed renderer (#21416) 2020-01-06 22:23:03 +01:00
Joël Charles
0bcfae752e feat: allow pages to override window.history.length (#17742)
* fix: allow pages to override window.history.length

* Update lib/renderer/window-setup.ts

Co-Authored-By: magne4000 <joel.charles91@gmail.com>

* fix: lint error
2019-12-16 11:14:27 +09:00
Jeremy Apthorp
dc9beda182
feat: remove deprecated setLayoutZoomLevelLimits (#21383) 2019-12-06 13:14:25 -08:00
Jeremy Apthorp
9526c5584e
fix: deprecate setLayoutZoomLevelLimits (#21296) 2019-12-02 13:27:03 -08:00
Samuel Attard
ee58d60612
fix: ensure no node globals passively leak when nodeIntegration is disabled (#21342) 2019-12-02 10:09:47 -08:00
Milan Burda
1d596f616d fix: NativeImage serialization of <webview>.capturePage() result (#20825) 2019-11-12 21:56:17 +01:00
Milan Burda
093f2dd4a6 chore: remove deprecated <webview>.getWebContents() (#20986) 2019-11-08 15:46:35 -05:00
Milan Burda
f1e7393e30 feat: deprecate <webview>.getWebContents() (#20726) 2019-11-07 09:43:19 -08:00
Milan Burda
a034f5db0d refactor: add Error to isSerializableObject() (#20886) 2019-11-04 14:35:57 -08:00
Milan Burda
ee7ce3954a fix: don't export __esModule = true by electron.ts (#20939) 2019-11-04 14:16:42 -08:00
Jeremy Apthorp
8dfc896cfa
refactor: send the 'close' message asynchronously (#20796) 2019-10-30 13:13:01 -07:00
Milan Burda
3d56e13b38 fix: devtools extensions not loading (#20791) 2019-10-30 14:46:52 +09:00
Milan Burda
ba8f80267c fix: send ELECTRON_BROWSER_CONTEXT_RELEASE asynchronously (#20632)
* fix: send ELECTRON_BROWSER_CONTEXT_RELEASE asynchronously

* test: remote references should be able to be cleared for all cases
2019-10-23 13:44:21 +09:00
Jeremy Apthorp
b155ebeeb3 fix: don't overwrite global constructor names in remote (#20637)
* fix: don't overwrite global constructor names in remote

* fake constructor names better, and improve error serialization
2019-10-21 15:48:03 +09:00
Samuel Attard
0090616f7b
feat: add a new contextBridge module (#20307)
* feat: add a new contextBridge module

* chore: fix docs linting

* feat: add support for function arguments being proxied

* chore: ensure that contextBridge can only be used when contextIsolation is enabled

* docs: getReverseBinding can be null

* docs: fix broken links in md file

* feat: add support for promises in function parameters

* fix: linting failure for explicit constructor

* Update atom_api_context_bridge.cc

* chore: update docs and API design as per feedback

* refactor: remove reverse bindings and handle GC'able functions across the bridge

* chore: only expose debugGC in testing builds

* fix: do not proxy promises as objects

* spec: add complete spec coverage for contextBridge

* spec: add tests for null/undefined and the anti-overwrite logic

* chore: fix linting

* spec: add complex nested back-and-forth function calling

* fix: expose contextBridge in sandboxed renderers

* refactor: improve security of default_app using the new contextBridge module

* s/bindAPIInMainWorld/exposeInMainWorld

* chore: sorry for this commit, its a big one, I fixed like everything and refactored a lot

* chore: remove PassedValueCache as it is unused now

Values transferred from context A to context B are now cachde in the RenderFramePersistenceStore

* chore: move to anonymous namespace

* refactor: remove PassValueToOtherContextWithCache

* chore: remove commented unused code blocks

* chore: remove .only

* chore: remote commented code

* refactor: extract RenderFramePersistenceStore

* spec: ensure it works with numbered keys

* fix: handle number keys correctly

* fix: sort out the linter

* spec: update default_app asar spec for removed file

* refactor: change signatures to return v8 objects directly rather than the mate dictionary handle

* refactor: use the v8 serializer to support cloneable buffers and other object types

* chore: fix linting

* fix: handle hash collisions with a linked list in the map

* fix: enforce a recursion limit on the context bridge

* chore: fix linting

* chore: remove TODO

* chore: adapt for PR feedback

* chore: remove .only

* chore: clean up docs and clean up the proxy map when objects are released

* chore: ensure we cache object values that are cloned through the V8 serializer
2019-10-18 12:57:09 -07:00
Milan Burda
b29f0b9348 refactor: use Map for windowProxies in window-setup.ts (#20600) 2019-10-17 15:07:27 +02:00
Milan Burda
5273930f76 refactor: use Map for callbacks in CallbacksRegistry (#20565) 2019-10-15 09:14:41 -07:00
Milan Burda
b92163d226 refactor: take advantage of structured clone algorithm in the remote module (#20427) 2019-10-10 09:59:08 -04:00
Milan Burda
ccff140046 feat: add --enable-api-filtering-logging commandline switch (#20335) 2019-10-04 10:49:09 -07:00
Milan Burda
d090b0cd2d perf: only access remote module when <webview>.getWebContents() is called (#20272) 2019-09-20 08:54:16 -07:00
Milan Burda
11cd0db86b build: add enable_remote_module build flag (#19821) 2019-09-18 09:52:06 -07:00
Milan Burda
81e9dab52f refactor: replace ipcRendererUtils.invoke() with ipcRendererInternal.invoke() (#19574) 2019-08-23 15:45:50 -07:00
Milan Burda
7825d043f2 refactor: unify module-list format and exports/electron (#19697) 2019-08-23 11:18:58 +02:00
Cheng Zhao
49fe2604b3 Revert "fix: activate the uv_loop on incoming IPC messages (#19449)" (#19727)
This reverts commit 8028c57b42.
2019-08-13 14:03:25 -07:00