Commit graph

18 commits

Author SHA1 Message Date
Samuel Maddock
f943db7ad5 feat: Add content script world isolation (#17032)
* Execute content script in isolated world

* Inject script into newly created extension worlds

* Create new content_script_bundle for extension scripts

* Initialize chrome API in content script bundle

* Define Chrome extension isolated world ID range

1 << 20 was chosen as it provides a sufficiently large range of IDs for extensions, but also provides a large enough buffer for any user worlds in [1000, 1 << 20).

Ultimately this range can be changed if any user application raises it as an issue.

* Insert content script CSS into document

This now avoids a script wrapper to inject the style sheet. This closely matches the code used by chromium in `ScriptInjection::InjectCss`.

* Pass extension ID to isolated world via v8 private
2019-03-11 16:27:57 -07:00
Samuel Maddock
42b7b25ac3 feat: support chrome extensions in sandboxed renderer (#16218)
* Add content script injector to sandboxed renderer

* Fix 'getRenderProcessPreferences' binding to the wrong object

* Pass getRenderProcessPreferences to content-scripts-injector

* Emit document-start and document-end  events in sandboxed renderer

* Use GetContext from RendererClientBase

* Prevent script context crash caused by lazily initialization

* Remove frame filtering logic for onExit callback

Since we're keeping track of which frames we've injected the bundle into, this logic is redundant.

* Add initial content script tests

* Add contextIsolation variants to content script tests

* Add set include

* Fix already loaded extension error

* Add tests for content scripts 'run_at' options

* Catch script injection eval error when CSP forbids it

This can occur in a rendered sandbox when a CSP is enabled. We'll need to switch to using isolated worlds to fix this.

* Fix content script tests not properly cleaning up extensions

* Fix lint and type errors
2019-03-07 16:00:28 -08:00
Samuel Attard
58a6fe13d6
feat: preloads and nodeIntegration in iframes (#16425)
* feat: add support for node / preloads in subframes

This feature has delibrately been built / implemented in such a way
that it has minimum impact on existing apps / code-paths.
Without enabling the new "nodeSupportInSubFrames" option basically none of this
new code will be hit.

The things that I believe need extra scrutiny are:

* Introduction of `event.reply` for IPC events and usage of `event.reply` instead of `event.sender.send()`
* Usage of `node::FreeEnvironment(env)` when the new option is enabled in order to avoid memory leaks.  I have tested this quite a bit and haven't managed to cause a crash but it is still feature flagged behind the "nodeSupportInSubFrames" flag to avoid potential impact.

Closes #10569
Closes #10401
Closes #11868
Closes #12505
Closes #14035

* feat: add support preloads in subframes for sandboxed renderers

* spec: add tests for new nodeSupportInSubFrames option

* spec: fix specs for .reply and ._replyInternal for internal messages

* chore: revert change to use flag instead of environment set size

* chore: clean up subframe impl

* chore: apply suggestions from code review

Co-Authored-By: MarshallOfSound <samuel.r.attard@gmail.com>

* chore: clean up reply usage

* chore: fix TS docs generation

* chore: cleanup after rebase

* chore: rename wrap to add in event fns
2019-01-22 11:24:46 -08:00
Milan Burda
b965e54efc fix: <webview> not working with contextIsolation + sandbox (#16469) 2019-01-22 10:08:16 +09:00
Cheng Zhao
897c6e93cb chore: simplify main world setup of contextIsolation (#16046) 2018-12-13 16:25:12 -05:00
Charles Kerr
d663b4eaee
fix: fix gn cpplint warnings (#14583)
* chore: fix cpplint 'include_what_you_use' warnings

Typically by including <memory>, <utility> etc.

* chore: fix 'static/global string constant' warning

Use C style strings instead of std::string.

Style guide forbids non-trivial static / global variables. https://google.github.io/styleguide/cppguide.html#Static_and_Global_Variables

/home/charles/electron/electron-gn/src/electron/script/cpplint.js

* refactor: remove global string variables.

Fix 'global string variables are not permitted' linter warnings
by using the base::NoDestructor<> wrapper to make it explicit that
these variables are never destroyed.

The style guide's take on globals with nontrivial destructors:
https://google.github.io/styleguide/cppguide.html#Static_and_Global_Variables

* fix: initializer error introduced in last commit

* fix: remove WIP file that was included by accident

* fix: include order

* fix: include order

* fix: include order

* fix: include order, again
2018-09-12 19:25:56 -05:00
Milan Burda
fc85d02786 feat: expose missing process APIs in sandboxed renderers (#13505) 2018-08-21 11:05:45 -07:00
Jeremy Apthorp
e6695cf2ec [chromium-style] override / virtual warnings 2018-04-19 11:12:10 -07:00
Shelley Vohr
53bdf22c85
clang-format atom files 2018-04-18 20:48:45 -04:00
sungpark
bf07c5aebd fix contextIsolation issue while webPreference sandbox is on
contextIsolation didn't work while sandbox is on. The fix is contextIsolation picked up while sandbox on
2017-08-23 10:52:02 -07:00
Thiago de Arruda
ef07e25f9d Make SetupMainWorldOverrides/isolated_world pure virtual.
Also implement stubs in AtomSandboxedRendererClient.
2017-04-08 11:12:18 -03:00
Thiago de Arruda
f751335bf9 Make DidCreateScriptContext/WillReleaseScriptContext pure virtual. 2017-04-08 10:58:13 -03:00
Kevin Sawicki
f5a75c4e87 Merge pull request #9076 from electron/cleanup-cpp
Cleanup cpp codebase
2017-04-03 08:30:08 -07:00
Haojian Wu
5f724e57bc Avoid unnecessary copy of parameters. 2017-03-29 22:06:07 +02:00
Thiago de Arruda
d1f08beddf Make AtomSandboxedRendererClient a RendererClientBase subclass. 2017-03-27 18:49:55 -03:00
Thiago de Arruda
d78f3cae7b Expose builtin v8 modules to AtomSandboxedRendererClient
- Adapt node.cc code that implements `process.binding` to create a similar
  object in AtomSandboxedRendererClient.
- Replace the ipc binding object passed to `lib/sandboxed_renderer/init.js` by
  the new binding object.
- Refactor the initialization script to use this new object to fetch the ipc
  binding and store as a hidden value using the `v8_util` module.

This change also required applying a patch to node.js, so the submodule commit
was updated.
2017-03-09 20:39:14 -03:00
Thiago de Arruda
524bab530a Improve AtomSandboxedRendererClient to support preload scripts.
Add RenderFrameObserver/RenderViewObserver subclasses that implement the
necessary support for preload scripts in sandboxed renderers.
2016-09-27 06:01:47 -03:00
Thiago de Arruda
a7b6332ed0 Add atom::AtomSandboxedRendererClient class 2016-09-27 06:01:46 -03:00