Commit graph

19 commits

Author SHA1 Message Date
Jeremy Apthorp
53f6cbccbf
refactor: use mojo for electron internal IPC ()
* refactor: use mojo for electron internal IPC

* add sender_id, drop MessageSync

* remove usages of AtomFrameMsg_Message

* iwyu

* first draft of renderer->browser direction

* refactor to reuse a single ipc interface

* implement TakeHeapSnapshot through mojo

* the rest of the owl^WtakeHeapSnapshot mojofication

* remove no-op overrides in AtomRendererClient

* delete renderer-side ElectronApiServiceImpl when its pipe is destroyed

* looks like we don't need to overlay the renderer manifest after all

* don't try to send 2 replies to a sync rpc

* undo changes to manifests.cc

* unify sandboxed + unsandboxed ipc events

* lint

* register ElectronBrowser mojo service on devtools WebContents

* fix takeHeapSnapshopt failure paths

* {electron_api => atom}::mojom

* add send_to_all to ElectronRenderer::Message

* keep interface alive until callback is called

* review comments

* use GetContext from RendererClientBase

* robustify a test that uses window.open

* MessageSync posts a task to put sync messages in the same queue as async ones

* add v8::MicrotasksScope and node::CallbackScope

* iwyu

* use weakptr to api::WebContents instead of Unretained

* make MessageSync an asynchronous message & use non-associated interface

* iwyu + comments

* remove unused WeakPtrFactory

* inline OnRendererMessage[Sync]

* cleanups & comments

* use helper methods instead of inline lambdas

* remove unneeded async in test

* add mojo to manifests deps

* add gn check for //electron/manifests and mojo

* don't register renderer side service until preload has been run

* update gn check targets list

* move interface registration back to RenderFrameCreated
2019-04-02 15:38:16 -07:00
Samuel Maddock
f943db7ad5 feat: Add content script world isolation ()
* Execute content script in isolated world

* Inject script into newly created extension worlds

* Create new content_script_bundle for extension scripts

* Initialize chrome API in content script bundle

* Define Chrome extension isolated world ID range

1 << 20 was chosen as it provides a sufficiently large range of IDs for extensions, but also provides a large enough buffer for any user worlds in [1000, 1 << 20).

Ultimately this range can be changed if any user application raises it as an issue.

* Insert content script CSS into document

This now avoids a script wrapper to inject the style sheet. This closely matches the code used by chromium in `ScriptInjection::InjectCss`.

* Pass extension ID to isolated world via v8 private
2019-03-11 16:27:57 -07:00
Samuel Maddock
42b7b25ac3 feat: support chrome extensions in sandboxed renderer ()
* Add content script injector to sandboxed renderer

* Fix 'getRenderProcessPreferences' binding to the wrong object

* Pass getRenderProcessPreferences to content-scripts-injector

* Emit document-start and document-end  events in sandboxed renderer

* Use GetContext from RendererClientBase

* Prevent script context crash caused by lazily initialization

* Remove frame filtering logic for onExit callback

Since we're keeping track of which frames we've injected the bundle into, this logic is redundant.

* Add initial content script tests

* Add contextIsolation variants to content script tests

* Add set include

* Fix already loaded extension error

* Add tests for content scripts 'run_at' options

* Catch script injection eval error when CSP forbids it

This can occur in a rendered sandbox when a CSP is enabled. We'll need to switch to using isolated worlds to fix this.

* Fix content script tests not properly cleaning up extensions

* Fix lint and type errors
2019-03-07 16:00:28 -08:00
Samuel Attard
58a6fe13d6
feat: preloads and nodeIntegration in iframes ()
* feat: add support for node / preloads in subframes

This feature has delibrately been built / implemented in such a way
that it has minimum impact on existing apps / code-paths.
Without enabling the new "nodeSupportInSubFrames" option basically none of this
new code will be hit.

The things that I believe need extra scrutiny are:

* Introduction of `event.reply` for IPC events and usage of `event.reply` instead of `event.sender.send()`
* Usage of `node::FreeEnvironment(env)` when the new option is enabled in order to avoid memory leaks.  I have tested this quite a bit and haven't managed to cause a crash but it is still feature flagged behind the "nodeSupportInSubFrames" flag to avoid potential impact.

Closes 
Closes 
Closes 
Closes 
Closes 

* feat: add support preloads in subframes for sandboxed renderers

* spec: add tests for new nodeSupportInSubFrames option

* spec: fix specs for .reply and ._replyInternal for internal messages

* chore: revert change to use flag instead of environment set size

* chore: clean up subframe impl

* chore: apply suggestions from code review

Co-Authored-By: MarshallOfSound <samuel.r.attard@gmail.com>

* chore: clean up reply usage

* chore: fix TS docs generation

* chore: cleanup after rebase

* chore: rename wrap to add in event fns
2019-01-22 11:24:46 -08:00
Milan Burda
b965e54efc fix: <webview> not working with contextIsolation + sandbox () 2019-01-22 10:08:16 +09:00
Cheng Zhao
897c6e93cb chore: simplify main world setup of contextIsolation () 2018-12-13 16:25:12 -05:00
Charles Kerr
d663b4eaee
fix: fix gn cpplint warnings ()
* chore: fix cpplint 'include_what_you_use' warnings

Typically by including <memory>, <utility> etc.

* chore: fix 'static/global string constant' warning

Use C style strings instead of std::string.

Style guide forbids non-trivial static / global variables. https://google.github.io/styleguide/cppguide.html#Static_and_Global_Variables

/home/charles/electron/electron-gn/src/electron/script/cpplint.js

* refactor: remove global string variables.

Fix 'global string variables are not permitted' linter warnings
by using the base::NoDestructor<> wrapper to make it explicit that
these variables are never destroyed.

The style guide's take on globals with nontrivial destructors:
https://google.github.io/styleguide/cppguide.html#Static_and_Global_Variables

* fix: initializer error introduced in last commit

* fix: remove WIP file that was included by accident

* fix: include order

* fix: include order

* fix: include order

* fix: include order, again
2018-09-12 19:25:56 -05:00
Milan Burda
fc85d02786 feat: expose missing process APIs in sandboxed renderers () 2018-08-21 11:05:45 -07:00
Jeremy Apthorp
e6695cf2ec [chromium-style] override / virtual warnings 2018-04-19 11:12:10 -07:00
Shelley Vohr
53bdf22c85
clang-format atom files 2018-04-18 20:48:45 -04:00
sungpark
bf07c5aebd fix contextIsolation issue while webPreference sandbox is on
contextIsolation didn't work while sandbox is on. The fix is contextIsolation picked up while sandbox on
2017-08-23 10:52:02 -07:00
Thiago de Arruda
ef07e25f9d Make SetupMainWorldOverrides/isolated_world pure virtual.
Also implement stubs in AtomSandboxedRendererClient.
2017-04-08 11:12:18 -03:00
Thiago de Arruda
f751335bf9 Make DidCreateScriptContext/WillReleaseScriptContext pure virtual. 2017-04-08 10:58:13 -03:00
Kevin Sawicki
f5a75c4e87 Merge pull request from electron/cleanup-cpp
Cleanup cpp codebase
2017-04-03 08:30:08 -07:00
Haojian Wu
5f724e57bc Avoid unnecessary copy of parameters. 2017-03-29 22:06:07 +02:00
Thiago de Arruda
d1f08beddf Make AtomSandboxedRendererClient a RendererClientBase subclass. 2017-03-27 18:49:55 -03:00
Thiago de Arruda
d78f3cae7b Expose builtin v8 modules to AtomSandboxedRendererClient
- Adapt node.cc code that implements `process.binding` to create a similar
  object in AtomSandboxedRendererClient.
- Replace the ipc binding object passed to `lib/sandboxed_renderer/init.js` by
  the new binding object.
- Refactor the initialization script to use this new object to fetch the ipc
  binding and store as a hidden value using the `v8_util` module.

This change also required applying a patch to node.js, so the submodule commit
was updated.
2017-03-09 20:39:14 -03:00
Thiago de Arruda
524bab530a Improve AtomSandboxedRendererClient to support preload scripts.
Add RenderFrameObserver/RenderViewObserver subclasses that implement the
necessary support for preload scripts in sandboxed renderers.
2016-09-27 06:01:47 -03:00
Thiago de Arruda
a7b6332ed0 Add atom::AtomSandboxedRendererClient class 2016-09-27 06:01:46 -03:00