Rule 13 recommends using Node's URL parser for handling url inputs. At
the moment, this is not being followed in the code example for rule 5,
which falls back on checking that the url ends with a '/'. If this was
forgotten when a user copies this code it could introduce security
vulnerabilities if an attacker uses an URL in the following way:
"https://example.com.attacker.com"
Using Node's URL parser fixes this potential missuse and enables the
'/' to be omited from the code example.
Co-authored-by: Baitinq <you@example.com>
* fix: don't call X11 functions in file dialog and message box
* refactor: remove unused GtkUiPlatform declaration
* fix: set gtk darktheme only when running under X11
* fix: replace X11 window state watcher with implementation using ozone
* fix: make sure global menu barr is used only when supported
* fix: don't call X11 function in native window views under wayland
* style: fix lint issues
* fix: use GtkUiPlatform::ShowGtkWindow instead of gtk_window_present directly
* refactor: extract CreateGlobalMenuBar into separate function
* refactor: move checking for WaylandWindowDecorations inside class
* fix: check if we run under X11 only in ozone build
* refactor: drop including unused ui/base/ui_base_features.h header
* fix: modify ui_gtk_public_header.patch to also export gtk_ui.h
* fix: refactor guarding of X11 calls
- Introduce patch exposing new electron_can_call_x11 property
- Replace defined(USE_OZONE) with BUILDFLAG(OZONE_PLATFORM_X11) flags
* fix: remove the last remaining usage of USE_X11
* fix: usage of BUILDFLAG(OZONE_PLATFORM_X11) not building on non ozone
* fix: call UpdateWindowState from OnBoundsChanged only under X11
* chore: bump chromium in DEPS to 101.0.4911.0
* chore: bump chromium in DEPS to 101.0.4913.0
* chore: bump chromium in DEPS to 101.0.4915.0
* chore: bump chromium in DEPS to 101.0.4917.0
* chore: bump chromium in DEPS to 101.0.4919.0
* chore: bump chromium in DEPS to 101.0.4921.0
* chore: bump chromium in DEPS to 101.0.4923.0
* chore: bump chromium in DEPS to 101.0.4925.0
* chore: bump chromium in DEPS to 101.0.4927.0
* chore: bump chromium in DEPS to 101.0.4929.0
* chore: update patches
* chore: bump chromium in DEPS to 101.0.4931.0
* chore: update patches
* 3475388: Remove mojo::InterfacePtr<T> and mojo::InterfacePtrInfo<T>
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/3475388
Actual fixes in 1824792: Migrate DisplayClient to the new Mojo types | https://chromium-review.googlesource.com/c/chromium/src/+/1824792
* 3503874: Remove base::size(), base::empty(), and base::data().
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/3503874
* chore: reconcile patches with main rebase
* chore: bump chromium in DEPS to 101.0.4933.0
* chore: update patches
* 3329593: [Fenced Frame] Ensure to support external protocols in a fenced frame
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/3329593
* 3503874: Remove base::size(), base::empty(), and base::data().
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/3503874
* 3446451: Use forward decl of ImageSkiaRep in //ui/gfx/image/image_skia.h
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/3446451
* 3499818: partition_alloc: Rename AllocFlags to AllocWithFlags
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/3499818
* chore: bump chromium in DEPS to 101.0.4935.0
* chore: update patches
* 3463286: partition_alloc: Move PartitionAlloc into the own namespaces (15 of N)
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/3463286
* 3506590: Reland "Support ChromeOS external protocol dialog for Fenced Frame navigations"
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/3506590
* 3475388: Remove mojo::InterfacePtr<T> and mojo::InterfacePtrInfo<T>
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/3475388
Actual fixes in 1880987: Convert URLLoaderReqeust from //content to new Mojo types | https://chromium-review.googlesource.com/c/chromium/src/+/1880987 The change in the roll started causing the legacy types to fail
* chore: missing SkRegion include
* 3499600: Introduce blink::WebCssOrigin
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/3499600
* fixup!: 3503874: Remove base::size(), base::empty(), and base::data().
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/3503874
* chore: bump chromium in DEPS to 101.0.4937.0
* chore: update patches
* 3500826: [locales] Refactor locales for ios
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/3500826
* 3509531: Make some public Blink media files private
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/3509531
* 3497377: bluetooth: Add BluetoothDevice.forget()
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/3497377
* chore: bump chromium in DEPS to 101.0.4939.0
* chore: bump chromium in DEPS to 101.0.4941.0
* 3514804: Deprecate all existing uses of mojo_base.mojom.{Dictionary,List}Value.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/3514804
* 3502592: Delete PPAPI init/shutdown code in //pdf.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/3502592
* chore: update patches
* fixup! 3502592: Delete PPAPI init/shutdown code in //pdf.
* chore: bump chromium in DEPS to 101.0.4943.0
* chore: fix lint, remove unneeded headers
* fixup! 3475388: Remove mojo::InterfacePtr<T> and mojo::InterfacePtrInfo<T>
* update mojo calls in offscreen patch
* update hunspell filenames
* chore: bump chromium in DEPS to 101.0.4945.0
* chore: update patches
* fix offscreen patch again
* chore: bump chromium in DEPS to 101.0.4947.0
* chore: update patches
* chore: bump chromium in DEPS to 101.0.4949.0
* support unseasoned pdf
* update patches
* chore: update patches
* chore: [IWYU] include missing skia headers
* chore: bump chromium in DEPS to 101.0.4951.0
* chore: update patches
* 3457645: media: Remove IsKeySystemsUpdateNeeded()
https://chromium-review.googlesource.com/c/chromium/src/+/3457645
* chore: bump chromium in DEPS to 102.0.4952.2
* chore: update patches
* 3488672: Add documentId as a parameter in tabs.connect() and tabs.sendMessage().
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/3488672
* 3508375: Fix an issue dangerous dialog is not shown for some apk download
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/3508375
* chore: bump chromium in DEPS to 102.0.4953.0
* chore: update patches
* 3510189: Harden up drag and drop support across same-process boundaries.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/3510189
* 3526815: Remove hardcoded colors from chrome/browser/ui/views/overlay/.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/3526815
* chore: bump chromium in DEPS to 102.0.4955.0
* build: add af and ur locale to manifests
3498914 [locales] Add af and ur to desktop
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/3498914
* fixup! build: add af and ur locale to manifests
* chore: bump chromium in DEPS to 102.0.4957.0
* 3529090: gin: set JS flags before v8 initialization
Xref: https://chromium-review.googlesource.com/c/chromium/src/+/3529090
chore: fix code shear in chromium/gin_enable_disable_v8_platform.patch
* chore: update patches
* 3536433: [network] Rename data_path and http_cache_path from _path to _directory.
Xref: https://chromium-review.googlesource.com/c/chromium/src/+/3536433
* 3111565: Relocated Page.printToPDF implementation to //components
Xref: https://chromium-review.googlesource.com/c/chromium/src/+/3111565
refactor: inject E args to PrintRequestedPages() and ScriptedPrintCallback
TODO: currently passes a placeholder for job_settings. We have other
code paths that inject settings from electron_api_web_contents.cc.
Should those be injected here as well? (CC @codebytere)
* fixup! 3111565: Relocated Page.printToPDF implementation to //components
* fixup! 3111565: Relocated Page.printToPDF implementation to //components
* 3520025: Make "libcxx_abi_unstable" not a gn arg
Xref: https://chromium-review.googlesource.com/c/chromium/src/+/3520025
build: since it is no longer a gn arg, patch it in
* chore: change usages of std::vector with const elements (#33373)
* chore: bump chromium in DEPS to 102.0.4959.0
* chore: update patches
* build: iwyu base/threading/platform_thread.h
* 3525774: Add GPSForCurrentDocument() into PermissionControllerDelegate.
Xref: https://chromium-review.googlesource.com/c/chromium/src/+/3525774
refactor: copy upstream impl of GetPermissionStatusForCurrentDocument into +ElectronPermissionManager
* use gclient_gn_args_from instead of hand-copying
* checkout mac on mac
* chore: update patches
* Revert "checkout mac on mac"
This reverts commit fe9ccf49ec6139868ccf2272c2016cefa3f32769.
* fixup! 3525774: Add GPSForCurrentDocument() into PermissionControllerDelegate.
* fixup! 3457645: media: Remove IsKeySystemsUpdateNeeded()
add nogncheck
* fix: set .eslintrc.json to root to avoid cascade to chromium eslintrc
* Xref: 6dfdf79b8c
Xref: https://reviews.llvm.org/D101458
Upstream added a CMakeLists.txt in an include dir ¯\_(ツ)_/¯ and
so it must be enumerated in filenames.libcxxabi.gni
* 3511268: Remove unused headers from cxx17_backports.h
https://chromium-review.googlesource.com/c/chromium/src/+/3511268
use std::size instead of base::size
* iwyu: SkPaint
3488428: [includes] Fix transitive includes of SkImageEncoder
* chore: [IWYU] include missing skia headers
* fixup! 3511268: Remove unused headers from cxx17_backports.h
* chore: bump chromium in DEPS to 102.0.4961.0
* chore: update patches
* fixup! 3475388: Remove mojo::InterfacePtr<T> and mojo::InterfacePtrInfo<T>
chore: remove unused #include
* fixup! 3510189: Harden up drag and drop support across same-process boundaries. | https://chromium-review.googlesource.com/c/chromium/src/+/3510189
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Keeley Hammond <khammond@slack-corp.com>
Co-authored-by: VerteDinde <vertedinde@electronjs.org>
Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
Co-authored-by: Jeremy Rose <nornagon@nornagon.net>
Co-authored-by: VerteDinde <keeleymhammond@gmail.com>
Co-authored-by: Charles Kerr <charles@charleskerr.com>
Co-authored-by: David Sanders <dsanders11@ucsbalum.com>
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
* fix: initialize asar support in worker threads
Use `ObjectWrap` instead of gin's Wrap in `electron_api_asar.cc` because
gin isn't fully initialized (and apparently not possible to initialize
without ruining the isolate configuration and array buffer allocator) in
worker threads. In the worker thread call `setupAsarSupport` just as we
do for the main process.
* Update lib/asar/fs-wrapper.ts
Co-authored-by: Darshan Sen <raisinten@gmail.com>
* Update patches/node/worker_thread_add_asar_support.patch
Co-authored-by: Darshan Sen <raisinten@gmail.com>
* Add a test
Co-authored-by: Darshan Sen <raisinten@gmail.com>
Co-authored-by: Fedor Indutny <79877362+indutny-signal@users.noreply.github.com>
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
* fix: use stricter options in SecStaticCodeCheckValidity
* Update patches/squirrel.mac/fix_use_kseccschecknestedcode_kseccsstrictvalidate_in_the_sec.patch
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>