* Execute content script in isolated world
* Inject script into newly created extension worlds
* Create new content_script_bundle for extension scripts
* Initialize chrome API in content script bundle
* Define Chrome extension isolated world ID range
1 << 20 was chosen as it provides a sufficiently large range of IDs for extensions, but also provides a large enough buffer for any user worlds in [1000, 1 << 20).
Ultimately this range can be changed if any user application raises it as an issue.
* Insert content script CSS into document
This now avoids a script wrapper to inject the style sheet. This closely matches the code used by chromium in `ScriptInjection::InjectCss`.
* Pass extension ID to isolated world via v8 private
* Add content script injector to sandboxed renderer
* Fix 'getRenderProcessPreferences' binding to the wrong object
* Pass getRenderProcessPreferences to content-scripts-injector
* Emit document-start and document-end events in sandboxed renderer
* Use GetContext from RendererClientBase
* Prevent script context crash caused by lazily initialization
* Remove frame filtering logic for onExit callback
Since we're keeping track of which frames we've injected the bundle into, this logic is redundant.
* Add initial content script tests
* Add contextIsolation variants to content script tests
* Add set include
* Fix already loaded extension error
* Add tests for content scripts 'run_at' options
* Catch script injection eval error when CSP forbids it
This can occur in a rendered sandbox when a CSP is enabled. We'll need to switch to using isolated worlds to fix this.
* Fix content script tests not properly cleaning up extensions
* Fix lint and type errors
* feat: add support for node / preloads in subframes
This feature has delibrately been built / implemented in such a way
that it has minimum impact on existing apps / code-paths.
Without enabling the new "nodeSupportInSubFrames" option basically none of this
new code will be hit.
The things that I believe need extra scrutiny are:
* Introduction of `event.reply` for IPC events and usage of `event.reply` instead of `event.sender.send()`
* Usage of `node::FreeEnvironment(env)` when the new option is enabled in order to avoid memory leaks. I have tested this quite a bit and haven't managed to cause a crash but it is still feature flagged behind the "nodeSupportInSubFrames" flag to avoid potential impact.
Closes#10569Closes#10401Closes#11868Closes#12505Closes#14035
* feat: add support preloads in subframes for sandboxed renderers
* spec: add tests for new nodeSupportInSubFrames option
* spec: fix specs for .reply and ._replyInternal for internal messages
* chore: revert change to use flag instead of environment set size
* chore: clean up subframe impl
* chore: apply suggestions from code review
Co-Authored-By: MarshallOfSound <samuel.r.attard@gmail.com>
* chore: clean up reply usage
* chore: fix TS docs generation
* chore: cleanup after rebase
* chore: rename wrap to add in event fns
* chore: fix cpplint 'include_what_you_use' warnings
Typically by including <memory>, <utility> etc.
* chore: fix 'static/global string constant' warning
Use C style strings instead of std::string.
Style guide forbids non-trivial static / global variables. https://google.github.io/styleguide/cppguide.html#Static_and_Global_Variables
/home/charles/electron/electron-gn/src/electron/script/cpplint.js
* refactor: remove global string variables.
Fix 'global string variables are not permitted' linter warnings
by using the base::NoDestructor<> wrapper to make it explicit that
these variables are never destroyed.
The style guide's take on globals with nontrivial destructors:
https://google.github.io/styleguide/cppguide.html#Static_and_Global_Variables
* fix: initializer error introduced in last commit
* fix: remove WIP file that was included by accident
* fix: include order
* fix: include order
* fix: include order
* fix: include order, again
- Adapt node.cc code that implements `process.binding` to create a similar
object in AtomSandboxedRendererClient.
- Replace the ipc binding object passed to `lib/sandboxed_renderer/init.js` by
the new binding object.
- Refactor the initialization script to use this new object to fetch the ipc
binding and store as a hidden value using the `v8_util` module.
This change also required applying a patch to node.js, so the submodule commit
was updated.