There are use cases of webview where the container holding the webview is not
actually destroyed first, instead just webview gets removed from DOM, in such
situations the browser process map is not updated accordingly and holds reference
to stale guest contents, and any window operations like scroll, resize or keyboard
events that has to chain through browser embedder will lead to UAF crash.
Ref: https://github.com/microsoft/vscode/issues/92420
Prevent issues with menu creation and subsequent pane focus from menu bar by preventing menus from being created from an empty array. I can't conceive a valid use case for this, since if one wants to remove a menu they should be be passing null to win.setMenu() or calling win.removeMenu(). This issue is also specific to top-level menus, and not submenus, so the new check and exception is scoped to top-level menus.
* refactor: port window.open and window.opener to use ctx bridge instead of hole punching
* refactor: only run the isolated init bundle when webview is enabled
* test: add pre-change snapshot of new-window event
* move to .ts file for easier diff
* refactor: improve feature string parsing logic
* test: update snapshots
* update type names per review
* update comma-separated parse test
* use for loop instead of reduce per review
* tighten up types
* avoid variable guest contents id returnValue in test snapshot
* chore: add WebContentsView.webContents helper
* chore: no need to handle webContents option
* chore: Create WebContentsView in C++
* chore: make WebContentsView accept web_preferences
* fix: nativeWindowOpen still passes WebContents to BrowserWindow
* chore: no more need of WebContentsViewRelay
* test: WebContentsView now takes options
* fix: avoid creating 2 constructors
* chore: remove unused views API classes
* chore: remove LayoutManager code
* chore: no more need to make View inherit from TrackabeObject
* chore: make enable_view_api default to true
* chore: enable_view_api => enable_views_api
* fix: remove bad usages of for-in and guard against it
* Apply suggestions from code review
Co-Authored-By: Samuel Maddock <samuel.maddock@gmail.com>
* Apply suggestions from code review
Co-Authored-By: Jeremy Apthorp <jeremya@chromium.org>
* Update remote.js
Co-authored-by: Samuel Maddock <samuel.maddock@gmail.com>
Co-authored-by: Jeremy Apthorp <jeremya@chromium.org>
* chore: add deprecation warning on setting app.allowRendererProcessReuse to false
* fix: no deprecation warnings in process reuse spec
* chore: add test for new deprecate removeProperty behavior
* feat: add API for receiving logs from service workers
* feat: add new serviceWorkerContext APIs
* chore: add missing #include's
* refactor: rename serviceWorkerContext to serviceWorkers
* chore: clean up based on review
* chore: remove native_mate
* chore: add tests for the service worker module
* Update spec-main/api-service-workers-spec.ts
Co-Authored-By: Jeremy Apthorp <jeremya@chromium.org>
* chore: fix linting
* chore: handle renames
Co-authored-by: Jeremy Apthorp <nornagon@nornagon.net>
* fix: remove cyclic references in BrowserWindow
* fix: prevent TopLevelWindow from garbage collection
* test: garbage collection of BrowserWindow
* chore: createIDWeakMap is used in tests
* docs: add references to app.whenReady() in isReady
* refactor: prefer app.whenReady()
In the docs, specs, and lib, replace instances of `app.once('ready')`
(seen occasionally) and `app.on('ready')` (extremely common) with
`app.whenReady()`.
It's better to encourage users to use whenReady():
1. it handles the edge case of registering for 'ready' after it's fired
2. it avoids the minor wart of leaving an active listener alive for
an event that wll never fire again
* fix: use powerMonitor.on() only after app is ready
powerMonitor can't be used until the app is ready; however, on Linux,
powerMonitor.on() was called as soon as lib/browser/api/power-monitor.ts
was loaded.
This patch takes @vladimiry's suggestion of wrapping that in an
app.on('ready') handler to prevent powerMonitor.on() from being called
prematurely.
Fixes#21716
* test: fix some failing and disabled node specs
These tests were failing due to mismatched stacktraces as a result of
our Module._load hook. This fixes those by adding a flag to optionally
not hook those calls and instead do the asar override eagily.
* ELECTRON_EAGER_ASAR_HOOK => ELECTRON_EAGER_ASAR_HOOK_FOR_TESTING
* test: parallel/test-zlib-unused-weak consistently fails
Co-authored-by: Cheng Zhao <zcbenz@github.com>
* fix: menu visibility should not be overwritten on startup
* fix: removing menu for window without global menubar
* test: setMenu tests are not for mac
* feat: add a new contextBridge module
* chore: fix docs linting
* feat: add support for function arguments being proxied
* chore: ensure that contextBridge can only be used when contextIsolation is enabled
* docs: getReverseBinding can be null
* docs: fix broken links in md file
* feat: add support for promises in function parameters
* fix: linting failure for explicit constructor
* Update atom_api_context_bridge.cc
* chore: update docs and API design as per feedback
* refactor: remove reverse bindings and handle GC'able functions across the bridge
* chore: only expose debugGC in testing builds
* fix: do not proxy promises as objects
* spec: add complete spec coverage for contextBridge
* spec: add tests for null/undefined and the anti-overwrite logic
* chore: fix linting
* spec: add complex nested back-and-forth function calling
* fix: expose contextBridge in sandboxed renderers
* refactor: improve security of default_app using the new contextBridge module
* s/bindAPIInMainWorld/exposeInMainWorld
* chore: sorry for this commit, its a big one, I fixed like everything and refactored a lot
* chore: remove PassedValueCache as it is unused now
Values transferred from context A to context B are now cachde in the RenderFramePersistenceStore
* chore: move to anonymous namespace
* refactor: remove PassValueToOtherContextWithCache
* chore: remove commented unused code blocks
* chore: remove .only
* chore: remote commented code
* refactor: extract RenderFramePersistenceStore
* spec: ensure it works with numbered keys
* fix: handle number keys correctly
* fix: sort out the linter
* spec: update default_app asar spec for removed file
* refactor: change signatures to return v8 objects directly rather than the mate dictionary handle
* refactor: use the v8 serializer to support cloneable buffers and other object types
* chore: fix linting
* fix: handle hash collisions with a linked list in the map
* fix: enforce a recursion limit on the context bridge
* chore: fix linting
* chore: remove TODO
* chore: adapt for PR feedback
* chore: remove .only
* chore: clean up docs and clean up the proxy map when objects are released
* chore: ensure we cache object values that are cloned through the V8 serializer
* fix: support fitToPageEnabled and scaleFactor
Support fitToPageEnabled and scaleFactor in `WebContents.printToPDF()`
* fix: change default value of scaleFactor
* refactor: use v8 serialization for ipc
* cloning process.env doesn't work
* serialize host objects by enumerating key/values
* new serialization can handle NaN, Infinity, and undefined correctly
* can't allocate v8 objects during GC
* backport microtasks fix
* fix compile
* fix node_stream_loader reentrancy
* update subframe spec to expect undefined instead of null
* write undefined instead of crashing when serializing host objects
* fix webview spec
* fix download spec
* buffers are transformed into uint8arrays
* can't serialize promises
* fix chrome.i18n.getMessage
* fix devtools tests
* fix zoom test
* fix debug build
* fix lint
* update ipcRenderer tests
* fix printToPDF test
* update patch
* remove accidentally re-added remote-side spec
* wip
* don't attempt to serialize host objects
* jump through different hoops to set options.webContents sometimes
* whoops
* fix lint
* clean up error-handling logic
* fix memory leak
* fix lint
* convert host objects using old base::Value serialization
* fix lint more
* fall back to base::Value-based serialization
* remove commented-out code
* add docs to breaking-changes.md
* Update breaking-changes.md
* update ipcRenderer and WebContents docs
* lint
* use named values for format tag
* save a memcpy for ~30% speedup
* get rid of calls to ShallowClone
* extra debugging for paranoia
* d'oh, use the correct named tags
* apparently msstl doesn't like this DCHECK
* funny story about that DCHECK
* disable remote-related functions when enable_remote_module = false
* nits
* use EnableIf to disable remote methods in mojom
* fix include
* review comments
Exposing these in the renderer didn't make sense as they weren't backed
by the same instance / value store. This API should be browser only
especially now that we have nativeTheme.themeSource. Exposing in
//common was a mistake from the beginning.
* feat: add new nativeTheme API
* chore: deprecate and clean up old systemPreferences theme APIs in favor of new nativeTheme module
* chore: clean up and deprecate things per feedback
* chore: add tests for deprecate and clean up invert impl
* build: when is a boolean not a boolean???