* Add content script injector to sandboxed renderer
* Fix 'getRenderProcessPreferences' binding to the wrong object
* Pass getRenderProcessPreferences to content-scripts-injector
* Emit document-start and document-end events in sandboxed renderer
* Use GetContext from RendererClientBase
* Prevent script context crash caused by lazily initialization
* Remove frame filtering logic for onExit callback
Since we're keeping track of which frames we've injected the bundle into, this logic is redundant.
* Add initial content script tests
* Add contextIsolation variants to content script tests
* Add set include
* Fix already loaded extension error
* Add tests for content scripts 'run_at' options
* Catch script injection eval error when CSP forbids it
This can occur in a rendered sandbox when a CSP is enabled. We'll need to switch to using isolated worlds to fix this.
* Fix content script tests not properly cleaning up extensions
* Fix lint and type errors
* refactor: Port inspector to TypeScript
* refactor: Add another type to inspector
* refactor: Use correct paths
* Update lib/renderer/inspector.ts
Co-Authored-By: felixrieseberg <felix@felixrieseberg.com>
* refactor: Implement feedback <3
* refactor: Don't define blob at all
* fix: Correct type
* refactor: Port renderer/init to TypeScript
* Update lib/renderer/init.ts
Co-Authored-By: felixrieseberg <felix@felixrieseberg.com>
* refactor: Type this a bit more loosely
* refactor: Type parseOption strictly
* refactor: Port security-warnings to TypeScript
* chore: make aliasify work on .ts files as well
* refactor: Implement feedback <3
* refactor: Correctly call executeJavaScript
* chore: make aliasify work on .ts files as well
* refactor: Port ipc-renderer-internal to TypeScript
* refactor: Correctly import internal ipcRenderer
* refactor: One more rename
* refactor: Fix one more lint issue
* refactor: Correctly reference ipcRendererInternal
* chore: refactor browser IPC into typescript
* chore: refactor app.ts into Typescript
* Refactors app.dock into cpp
* Removes app.launcher which has not existed for 3 years
* Removes 2 deprecated APIs (that have been deprecated for more than one
major)
* Refactors deprecate.ts as well
* refactor: Port window-setup to TS
* refactor: Make the linter happy
* refactor: Sneaky little TS error
* refactor: Correctly import window-setup
* refactor: Implement feedback <3
* refactor: Allow decorators in TS
* refactor: Use named windowSetup in isolatedRenderer
* refactor: Help TS understand
* refactor: Welp, use createEvent again
* refactor: Use the correct target in the decorator
* fix: pass result to chrome.tabs.executeScript callback
Additionally, remove `nextId` counter in favor of `originResultID` counter which is more widely used in this file.
* fix: remove need for eslint override and better match style
* chore: Add new webFrame IsolatedWorldInfo API and deprecate
* Flag deprecated methods in documentation
* address comments
* Address review comments
* remove unused variable
* Update based on review
* fix: do not create native api::WebFrame in webFrame
When reloading a page without restarting renderer process (for example
sandbox mode), the blink::WebFrame is not destroyed, but api::WebFrame
is always recreated for the new page context. This leaves a leak of
api::WebFrame.
* fix: remove spell checker when page context is released
* feat: add support for node / preloads in subframes
This feature has delibrately been built / implemented in such a way
that it has minimum impact on existing apps / code-paths.
Without enabling the new "nodeSupportInSubFrames" option basically none of this
new code will be hit.
The things that I believe need extra scrutiny are:
* Introduction of `event.reply` for IPC events and usage of `event.reply` instead of `event.sender.send()`
* Usage of `node::FreeEnvironment(env)` when the new option is enabled in order to avoid memory leaks. I have tested this quite a bit and haven't managed to cause a crash but it is still feature flagged behind the "nodeSupportInSubFrames" flag to avoid potential impact.
Closes#10569Closes#10401Closes#11868Closes#12505Closes#14035
* feat: add support preloads in subframes for sandboxed renderers
* spec: add tests for new nodeSupportInSubFrames option
* spec: fix specs for .reply and ._replyInternal for internal messages
* chore: revert change to use flag instead of environment set size
* chore: clean up subframe impl
* chore: apply suggestions from code review
Co-Authored-By: MarshallOfSound <samuel.r.attard@gmail.com>
* chore: clean up reply usage
* chore: fix TS docs generation
* chore: cleanup after rebase
* chore: rename wrap to add in event fns
* Disable nodeIntegration
* Enable contextIsolation
* Re-implement the CSP security check to handle running in
contextIsolation
* Disable bad DCHECKS for the promise helper
* Remove the unused "-d" flag for the electron binary
* Added a way to hide the default help output for electron devs who
don't want to see it every time
* perf: use an internal module resolver instead of relative requires
* perf: memoize the results of getting exported Electron properties
* perf: make internal module changes consistent across sandboxed / bundled files
* feat: deprecate default value of nodeIntegration
* Use DeprecationStatus::Stable as the default instead of shadowing
* change wording of deprecations
* chore: also deprecate kWebviewTag and kContextIsolation
* chore: do as we preach, lets be secure-by-default in the default app
* fix: use OOIF for webview tag
* fix: do not call GetNativeView for webview
* fix: OOIPF webview's WebContents is managed by embedder frame
* fix: guest view can not be focused
* fix: clear zoom controller when guest is destroyed
* fix: implement the webview resize event
The webview is no longer a browser plugin with the resize event, use
ResizeObserver instead.
* test: disable failed tests due to OOPIF webview
* fix: embedder can be destroyed earlier than guest
This happens when embedder is manually destroyed.
* fix: don't double attach
* fix: recreate iframe when webview is reattached
* fix: resize event may happen very early
* test: some tests are working after OOPIF webview
* chore: remove unused browser plugin webview code
* fix: get embedder via closure
When the "destroyed" event is emitted, the entry in guestInstances would be
cleared.
* chore: rename browserPluginNode to internalElement
* test: make the visibilityState test more robust
* chore: guestinstance can not work with OOPIF webview
* fix: element could be detached before got response from browser
After the page does navigations, garbage collection can still happen in
the old context. This commit changes to store references to remote objects
by _pages_, instead of by _WebContents_.
* Make it possible to disable a module for a renderer
* Put DesktopCapturer API under a build flag
The name is "enable_desktop_capturer".
Enabled by default.
* Don't use JSON to send the result of `ipcRenderer.sendSync`.
- Change the return type of AtomViewHostMsg_Message_Sync from `base::string16`
to `base::ListValue`
- Adjust lib/browser/api/web-contents.js and /lib/renderer/api/ipc-renderer.js
to wrap/unwrap return values to/from array, instead of
serializing/deserializing JSON.
This change can greatly improve `ipcRenderer.sendSync` calls where the return
value contains Buffer instances, because those are converted to Array before
being serialized to JSON(which has no efficient way of representing byte
arrays).
A simple benchmark where remote.require('fs') was used to read a 16mb file got
at least 5x faster, not to mention it used a lot less memory. This difference
tends increases with larger buffers.
* Don't base64 encode Buffers
* Don't allocate V8ValueConverter on the heap
* Replace hidden global.sandbox with NodeBindings::IsInitialized()
* Refactoring: check NodeBindings::IsInitialized() in V8ValueConverter
* Refactor problematic test to make it more reliable
* Add tests for NaN and Infinity
Use a single synchronous IPC call to retrieve data required by early
sandbox scripts. This has two purposes:
- Optimize preload script initialization by:
- Using one synchronous IPC call to retrieve preload script,
webContentsId (more on that later), process.{platform,execPath,env}
- Lazy loading as many modules as possible.
- Fix#12316 for sandbox. @MarshallOfSound addressed the issue in
#12342, but it was still present in sandbox mode. By loading
webContentsId very early and skipping remote module at early
startup, we fix it for sandbox.
When the Chrome Extension has too many content scripts (above default
10 counts), there will be a warning: possible EventEmitter memory leak
detected. 11 listeners added.
* add did-frame-navigate event to WebContents, pass http response code to it and did-navigate
* docs for frame routing id related api changes on WebFrame and WebContents
* expose WebFrame#routingId and pass it to WebContents frame specific events along with frameProcessId; add WebContets.did-start-navigation event
* fix compilation error on ia32 Windows
* add cause property to exception in callFunction
* update exceptionToMeta function
* add sender argument
* and cause property to return value
* update exception convert in metaToValue function
* add from and cause properties to the exception error
* unit test for remote exception
* Add a screen_api_id parameter to the desktopCapturer API.
When using the DirectX capturer on Windows, there was previously no way
to associate desktopCapturer/getUserMedia and electron.screen API
screens. This new parameter provides the association.
* Fix non-Windows build.
* Fix Mac.
* Fix Mac harder.
* JS lint
* clang-format C++ code.
* IWYU
* display_id, Linux comment, better test
* lint
* Fix tests on Linux.
* Add display_id documentation.
* Remove the race condition between new process creation and old process releasing remote context
Previously there was a race condition where the getId() method would return the new context ID even
though the release was for the old context. This changes it to send the "initial" context ID with
the release message to ensure there is no race.
* fetch context ID from remote in sandbox mode
* Persist defaults to webPreferences object to JS land can read the inferred values instead of just user defined values
* Test inherited default propogation
* Refactor to remove coupling from fetching values and defaults
* Test description type
* Fix up tests
* This is to enable more browser-like behavior so that users who run third-party code
will not be DOS'ed with alerts and confirms. This is already handled like this
in most major browsers so this will greatly help these developers
* 🔧 Add security issue detection (and logs)
* 🔧 Check for it on load
* 👷 Add some tests
* 👷 Make the linter happy
* 🔧 Allow them to be enabled by force
* 📝 Make message slightly prettier
* 🔧 Fix a typo in the code comment
* 🔧 Classic mistake
* 🚀 Optimize things a bit more
* 👷 Add tests, fix tests
* 📝 Document things
* 🔧 Make linter happy
* 🔧 One more piece of cleanup