* fix: ensure dots in content script patterns aren't used as wildcards
* chore: sanitise all regexp special chars
* chore: extract to helper
* chore: fixup helper
* Execute content script in isolated world
* Inject script into newly created extension worlds
* Create new content_script_bundle for extension scripts
* Initialize chrome API in content script bundle
* Define Chrome extension isolated world ID range
1 << 20 was chosen as it provides a sufficiently large range of IDs for extensions, but also provides a large enough buffer for any user worlds in [1000, 1 << 20).
Ultimately this range can be changed if any user application raises it as an issue.
* Insert content script CSS into document
This now avoids a script wrapper to inject the style sheet. This closely matches the code used by chromium in `ScriptInjection::InjectCss`.
* Pass extension ID to isolated world via v8 private
* feat: add support for content scripts 'all_frames' option
* merged content script tests
'all_frames' test now runs on all variants of sandbox/contentIsolation configurations :D
* refactor: load electron builtin modules with process._linkedBinding
NODE_BUILTING_MODULE_CONTEXT_AWARE and process.binding are
removed in https://github.com/nodejs/node/pull/25829. This changes
uses the alternative available without any functionality change.
* chore: roll node
* Add content script injector to sandboxed renderer
* Fix 'getRenderProcessPreferences' binding to the wrong object
* Pass getRenderProcessPreferences to content-scripts-injector
* Emit document-start and document-end events in sandboxed renderer
* Use GetContext from RendererClientBase
* Prevent script context crash caused by lazily initialization
* Remove frame filtering logic for onExit callback
Since we're keeping track of which frames we've injected the bundle into, this logic is redundant.
* Add initial content script tests
* Add contextIsolation variants to content script tests
* Add set include
* Fix already loaded extension error
* Add tests for content scripts 'run_at' options
* Catch script injection eval error when CSP forbids it
This can occur in a rendered sandbox when a CSP is enabled. We'll need to switch to using isolated worlds to fix this.
* Fix content script tests not properly cleaning up extensions
* Fix lint and type errors
`powerMonitor.querySystemIdleState` and `powerMonitor.querySystemIdleTime` had async backing APIs in chromium (https://chromium-review.googlesource.com/c/chromium/src/+/1379183). However, that has changed in ch73. So, this PR deprecates the old async APIs and adds new sync APIs.
* refactor: Port inspector to TypeScript
* refactor: Add another type to inspector
* refactor: Use correct paths
* Update lib/renderer/inspector.ts
Co-Authored-By: felixrieseberg <felix@felixrieseberg.com>
* refactor: Implement feedback <3
* refactor: Don't define blob at all
* fix: Correct type
* refactor: Port renderer/init to TypeScript
* Update lib/renderer/init.ts
Co-Authored-By: felixrieseberg <felix@felixrieseberg.com>
* refactor: Type this a bit more loosely
* refactor: Type parseOption strictly
* refactor: Port security-warnings to TypeScript
* chore: make aliasify work on .ts files as well
* refactor: Implement feedback <3
* refactor: Correctly call executeJavaScript
* chore: make aliasify work on .ts files as well
* refactor: Port ipc-renderer-internal to TypeScript
* refactor: Correctly import internal ipcRenderer
* refactor: One more rename
* refactor: Fix one more lint issue
* refactor: Correctly reference ipcRendererInternal
* chore: refactor browser IPC into typescript
* chore: refactor app.ts into Typescript
* Refactors app.dock into cpp
* Removes app.launcher which has not existed for 3 years
* Removes 2 deprecated APIs (that have been deprecated for more than one
major)
* Refactors deprecate.ts as well
* feat: promisify webContents.savePage()
* no need to make compatible w callbacks, we're breaking it
* fix promise resolve type
* address feedback from review
* fix promise return text
* update smoke test
* refactor: Port window-setup to TS
* refactor: Make the linter happy
* refactor: Sneaky little TS error
* refactor: Correctly import window-setup
* refactor: Implement feedback <3
* refactor: Allow decorators in TS
* refactor: Use named windowSetup in isolatedRenderer
* refactor: Help TS understand
* refactor: Welp, use createEvent again
* refactor: Use the correct target in the decorator
* fix: pass result to chrome.tabs.executeScript callback
Additionally, remove `nextId` counter in favor of `originResultID` counter which is more widely used in this file.
* fix: remove need for eslint override and better match style
* chore: Add new webFrame IsolatedWorldInfo API and deprecate
* Flag deprecated methods in documentation
* address comments
* Address review comments
* remove unused variable
* Update based on review
* fix: do not create native api::WebFrame in webFrame
When reloading a page without restarting renderer process (for example
sandbox mode), the blink::WebFrame is not destroyed, but api::WebFrame
is always recreated for the new page context. This leaves a leak of
api::WebFrame.
* fix: remove spell checker when page context is released
This PR better preserves existing behavior in `deprecate.promisify()` in the cases where the promise fails. Previously, if a callback was only called with `data` instead of `err, data` and the promise was rejected, `data` would be populated with `err`, which could be confusing to users. This makes it such that `err` is called back on promise rejection if a callback is called with `err, data` a la Node.js.
* feat: promisify the Cookie API
* chore: update specs to test promisified cookies
* chore: add deprecate wrapper for cookie callback API
* docs: update docs to cookie promise changes
* chore: remove redundant namespace use
* docs: improve cookie example
* docs: restore docs for cookie callback API
* chore: restore cookie callback tests
* fix: syntax of cookie promise return types
* feat: add support for node / preloads in subframes
This feature has delibrately been built / implemented in such a way
that it has minimum impact on existing apps / code-paths.
Without enabling the new "nodeSupportInSubFrames" option basically none of this
new code will be hit.
The things that I believe need extra scrutiny are:
* Introduction of `event.reply` for IPC events and usage of `event.reply` instead of `event.sender.send()`
* Usage of `node::FreeEnvironment(env)` when the new option is enabled in order to avoid memory leaks. I have tested this quite a bit and haven't managed to cause a crash but it is still feature flagged behind the "nodeSupportInSubFrames" flag to avoid potential impact.
Closes#10569Closes#10401Closes#11868Closes#12505Closes#14035
* feat: add support preloads in subframes for sandboxed renderers
* spec: add tests for new nodeSupportInSubFrames option
* spec: fix specs for .reply and ._replyInternal for internal messages
* chore: revert change to use flag instead of environment set size
* chore: clean up subframe impl
* chore: apply suggestions from code review
Co-Authored-By: MarshallOfSound <samuel.r.attard@gmail.com>
* chore: clean up reply usage
* chore: fix TS docs generation
* chore: cleanup after rebase
* chore: rename wrap to add in event fns
Unify the behavior between default app and packaged apps:
- create default application menu unless the app has one
- default window-all-closed handling unless the app handles the event
* fix: use Chromium's determined new site instance as candidate when navigating.
When navigating to a new address, consider using Chromium's determined site instance
for the new page as it should belong to an existing browsing instance when the
navigation was triggered by window.open().
fixes 8100.
* Revert "fix: use Chromium's determined new site instance as candidate when navigating."
This reverts commit eb95f935654a2c4d4457821297670836c10fdfd5.
* fix: delegate site instance creation back to content when sandboxed.
* fix: ensure site isolation is on
* test: adapt ut for cross-site navigation
* fix: register pending processes during a navigation.
* refactor: dont call loadURL for a window constructed from an existing webContents.
* test: add sandboxed affinity UT's.
* fix: check affinity before deciding if to force a new site instance.
* chore: adapt subsequent patch.
* refactor: constify logically const methods.
* fix: do not reuse site instances when navigation redirects cross-site.
* test: ensure localStorage accessible after x-site redirect.
* test: adapt localStorage acess denied UT for site isolation.
* fix: do not send render-view-deleted for speculative frames.
* chore: amend tests after rebase.
* test: add ut for webContents' render-view-deleted emission
* fix: introduce current-render-view-deleted for current RVH's deletions.
Revert render-view-deleted to being emitted with any RVH's deletion.
current-render-view-deleted is emitted only when the RVH being deleted
is the current one.
* refactor: style and comments fixed.
* feat: add registerAccelerator flag to allow menu items to skip registration
* docs: add docs for registerAccelerator
* docs: re-add accidentally removed line
With mixed sandbox enabled we need to load the chrome.* APIs in the
sandbox init.js so that chrome extensions load correctly.
This mirrors the equivilant impl in `atom_renderer_client.cc`
Fixes#15561
Extend the existing win.setBounds functionality by allowing developers to partially update bounds without being forced to pass in all four bounds values. No existing functionality is altere
* refactor: remove -new-contents-created event
Chromium expects us to take ownership of WebContents in AddNewContents,
we should not create V8 wrapper in WebContentsCreated, otherwise we
would have WebContents being managed by 2 unique_ptr at the same time.
* refactor: make CreateAndTake take unique_ptr
* Fix loading of devtools extensions on startup
The persisted DevTools Extensions were not being loaded correctly at startup. The `addDevToolsExtension` function was not defined when it was being called. An error was being thrown and ignored, so the whole thing would fail silently. I moved the code to load the extensions to the end of the event handler, so now it works.
* fixup: remove trailing spaces to unblock CI
* fixup: add logging when the Electron Enable Logging env var is set
* Fix linter error on undefined srcDirectory
* fixup: catch exception when loading extension
* Revert "fixup: catch exception when loading extension"
This reverts commit 42c2cf95bcaab8abfc5fbecbe4365d3adfe36d5b.
* remove printing related things from chromium_src
* chore: add printing build flag and patch
* fix: include PrintingService on other platforms too
* fix: printing_handler is only needed on Windows
* fix: format BUILD.gn properly
* fix: rename printing build flag to avoid conflict with chromium
* fix: place previously missed printing calls behind build flag
* fix: accidentally renamed flag in patch file
* fix: don't include all printing strings
* fix: allow ShowItemInFolder and OpenItem to block, fixing a DCHECK crash
* fix: make things compile, some changes got lost while rebasing
* fix: remove rogue line from BUILD.gn
* chore: update patch description
* style: lint fix
* chore: use chromium printing buildflag, move node related stuff out of patch
* revert: remove ScopedAllowBlockingForTesting call
* fix: fix my rebase blooper
* fix: re-add header lost during rebase, update patch
* fix: add <map> include, tweak the patch a bit
* revert: remove rogue diff from patch
* fix: clean up after rebase
* [ci skip] refactor: create request context from network context
* [ci skip] refactor: subscribe to mojo cookiemanager for cookie changes
* [ci skip] refactor: manage the lifetime of custom URLRequestJobFactory
* refactor: use OOP mojo proxy resolver
* revert: add support for kIgnoreCertificateErrorsSPKIList
* build: provide service manifest overlays for content services
* chore: gn format
* fix: log-net-log switch not working as expected
* spec: verify proxy settings are respected from pac script with session.setProxy
* chore: use chrome constants where possible
* fix: initialize request context for global cert fetcher
* refactor: fix destruction of request context getters
* spec: use custom session for proxy tests
* fix: queue up additional stop callbacks while net log is being stopped
* fix: Add CHECK for cookie manager retrieval
* chore: add helper to retrieve logging state for net log module
* fix: ui::ResourceBundle::GetRawDataResourceForScale => GetRawDataResource
* style: comment unused parameters
* build: move //components/certificate_transparency deps from //brightray
* chore: update gritsettings_resource_ids patch
* chore: update api for chromium 68
* fix: net log instance is now a property of session
* Disable nodeIntegration
* Enable contextIsolation
* Re-implement the CSP security check to handle running in
contextIsolation
* Disable bad DCHECKS for the promise helper
* Remove the unused "-d" flag for the electron binary
* Added a way to hide the default help output for electron devs who
don't want to see it every time
* perf: use an internal module resolver instead of relative requires
* perf: memoize the results of getting exported Electron properties
* perf: make internal module changes consistent across sandboxed / bundled files
* chore: replace standard with eslint-config-standard
This adds support for --cache so linting JS only takes ~1 second and only lints things that changed
It also allows us to add custom linting rules
* chore: add eslint-plugin-mocha and enable the no-exclusive-tests rule
This will block anyone from pushing / merging a `.only` test or describe
* remove obsolete tests
* remove unused deprecate API
* make a warnOnce helper for the deprecate methods
* misc. copyediting, e.g. variable names, whitespace
* test that any deprecation warns once at most
* use strict
* fix: use render client id to track deleted render process hosts
Instead of relying on OS process id, which may not be unique
when a process is reused, we rely on the renderer client id
passed by the content layer when starting the renderer process
which is guaranteed to be unique for the lifetime of the app.
* fix: store context id as int64_t
Ensuring that it doesn't wrap easily with a large number
of context creation on some malformed web pages.
* chore: reformat code
* refactor: getOrCreateArchive() for ASARs
- store cached archive in a Map
- return `null` instead of `false` on failures
* refactor: splitPath() for ASARs
- store custom extension in a constant
- remove magic numbers
- add comments
* refactor: explicitly use assert() for a developer error
* chore: remove console.log() calls
* refactor: replace "p" arguments with "pathArgument"
"path" would be a better name, but it is already taken
but the "path" Node module.
* refactor: createError() for ASARs
- return an `Error` instance
- use enum for error types
- minor improvements
* refactor: use more meaningful name for an arg than just "arg"
* feat: deprecate default value of nodeIntegration
* Use DeprecationStatus::Stable as the default instead of shadowing
* change wording of deprecations
* chore: also deprecate kWebviewTag and kContextIsolation
* chore: do as we preach, lets be secure-by-default in the default app
RenderProcessHost switch can happen between ipc calls when
speculative process are invvolved, which will lead to deletion
of entries on current context. Use OS process handles to
uniquely associate a destruction handler for a render process.
* fix: use OOIF for webview tag
* fix: do not call GetNativeView for webview
* fix: OOIPF webview's WebContents is managed by embedder frame
* fix: guest view can not be focused
* fix: clear zoom controller when guest is destroyed
* fix: implement the webview resize event
The webview is no longer a browser plugin with the resize event, use
ResizeObserver instead.
* test: disable failed tests due to OOPIF webview
* fix: embedder can be destroyed earlier than guest
This happens when embedder is manually destroyed.
* fix: don't double attach
* fix: recreate iframe when webview is reattached
* fix: resize event may happen very early
* test: some tests are working after OOPIF webview
* chore: remove unused browser plugin webview code
* fix: get embedder via closure
When the "destroyed" event is emitted, the entry in guestInstances would be
cleared.
* chore: rename browserPluginNode to internalElement
* test: make the visibilityState test more robust
* chore: guestinstance can not work with OOPIF webview
* fix: element could be detached before got response from browser
After after using `processId-contextCounter` as contextId, it may happen
that contexts in different WebContents sharing the same renderer process
get the same contextId. Using webContentsId as part of key in
ObjectsRegistry can fix this.
Replaces 'did-finish-load' with 'did-stop-loading' which semantically
maps to the events inside Chromium. Before I think we were relying
on a natural 99% winnable race condition.
Fixes#13504
After the page does navigations, garbage collection can still happen in
the old context. This commit changes to store references to remote objects
by _pages_, instead of by _WebContents_.
* Add promise helper and change whenReady to be native impl
* remove commented code
* add GetInner helper to dedupe promise code
* add Promise.reject helper to be consistent with JS
* fix linting
* update promise impl per feedback
* remove param name from unused isolate
* Use non-depreceated resolvers for promises
* Add thread dchecks for promise helper, intiialize promise pointer to nullptr
due to change in node.js(https://github.com/nodejs/node/issues/17076)
internalModuleReadFile has been renamed to internalModuleReadJSON, and
in vendor/node/lib/internal/modules/cjs/loader.js it will call
internalModuleReadJSON and result in can't read the package.json file.
* Introduce `net.{start|stop}Logging()`
- Slight regression right now as Electron won't automatically start logging net-logs at launch, will soon be fixed
- To implement callback for async controls
* Add `net.isLogging` & optional callback param for `net.stopLogging()`
* Fix small regression on --log-net-log
--log-net-log should work again
* Error on empty file path
* Only start with valid file path
* Remove unused var
* Allow setting log file path before URLRequestContextGetter starts logging
* Add net log tests
* Remove redundant checks
* Use brightray::NetLog
* Clean up code
* Should automatically stop listening
* 🎨 Attempt to fix styles
* Only run non-null callback
* Dump file to tmpdir
* Simplify net log spec
Spawned Electron process on Linux CI can fail to launch
* Separate netLog module
* Remove net logging test from net spec
* Add tests for netLog
* Fix header guard
* Clean up code
* Add netLog.currentlyLoggingPath
* Callback with filepath
* Add test for case when only .stopLogging() is called
* Add docs
* Reintroduce error on invalid arg
* Update copyright
* Update error message
* Juggle file path string types
* Make it possible to disable a module for a renderer
* Put DesktopCapturer API under a build flag
The name is "enable_desktop_capturer".
Enabled by default.
* Don't use JSON to send the result of `ipcRenderer.sendSync`.
- Change the return type of AtomViewHostMsg_Message_Sync from `base::string16`
to `base::ListValue`
- Adjust lib/browser/api/web-contents.js and /lib/renderer/api/ipc-renderer.js
to wrap/unwrap return values to/from array, instead of
serializing/deserializing JSON.
This change can greatly improve `ipcRenderer.sendSync` calls where the return
value contains Buffer instances, because those are converted to Array before
being serialized to JSON(which has no efficient way of representing byte
arrays).
A simple benchmark where remote.require('fs') was used to read a 16mb file got
at least 5x faster, not to mention it used a lot less memory. This difference
tends increases with larger buffers.
* Don't base64 encode Buffers
* Don't allocate V8ValueConverter on the heap
* Replace hidden global.sandbox with NodeBindings::IsInitialized()
* Refactoring: check NodeBindings::IsInitialized() in V8ValueConverter
* Refactor problematic test to make it more reliable
* Add tests for NaN and Infinity
Use a single synchronous IPC call to retrieve data required by early
sandbox scripts. This has two purposes:
- Optimize preload script initialization by:
- Using one synchronous IPC call to retrieve preload script,
webContentsId (more on that later), process.{platform,execPath,env}
- Lazy loading as many modules as possible.
- Fix#12316 for sandbox. @MarshallOfSound addressed the issue in
#12342, but it was still present in sandbox mode. By loading
webContentsId very early and skipping remote module at early
startup, we fix it for sandbox.
- introduce a currentPlatformSupportsAppIndicator() function determining
if app indicators are supported here.
- handle undefined process.env.XDG_CURRENT_DESKTOP
- added some comments to ensure that the intents are clear
Thanks MarshallOfSound
When the Chrome Extension has too many content scripts (above default
10 counts), there will be a warning: possible EventEmitter memory leak
detected. 11 listeners added.
* Refactor app.makeSingleInstance
* new API `app.isPrimaryInstance()`
* new API `app.isSingleInstance()`
* new event `app.on('second-instance')`
* deprecated old syntax `app.makeSingleInstance(cb)`
* deprecated old syntax of `app.makeSingleInstance() --> bool` in favor
of `app.isPrimaryInstance()`
* Fix spec, we don't need process.nextTick hacks any more
* Make deprecation TODO for the return value of makeSingleInstance
* Refactor makeSingleInstance to requestSingleInstanceLock and add appropriate deprecation comments
* I swear this isn't tricking the linter
* Make const
* Add deprecation warnings for release, and add to planned-breaking-changes
BREAKING CHANGE
Multiple sessions inherits the "ubuntu" base settings properties in ubuntu.
One of the most popular one is communitheme: the next ubuntu default theme
has its dedicated session, with thus duplicated indicators for dropbox.
Rather than a string comparison for ubuntu, only match a substring then.
XDG_CURRENT_DESKTOP can be of form: "communitheme:ubuntu:GNOME",
"ubuntu:GNOME", …
Fixes: #12843.
Add four new optional properties to menus in Electron. The four properties are:
'before'
'after'
'beforeGroupContaining'
'afterGroupContaining'
'before/after' - provides a means for a single context menu item to declare its placement relative to another context menu item. These also imply that menu item in question should be placed in the same “group” as the item.
'beforeGroupContaining/afterGroupContaining - provides a means for a single menu item to declare the placement of its containing group, relative to the containing group of the specified item.
* add did-frame-navigate event to WebContents, pass http response code to it and did-navigate
* docs for frame routing id related api changes on WebFrame and WebContents
* expose WebFrame#routingId and pass it to WebContents frame specific events along with frameProcessId; add WebContets.did-start-navigation event
* fix compilation error on ia32 Windows
* add cause property to exception in callFunction
* update exceptionToMeta function
* add sender argument
* and cause property to return value
* update exception convert in metaToValue function
* add from and cause properties to the exception error
* unit test for remote exception
* Add a screen_api_id parameter to the desktopCapturer API.
When using the DirectX capturer on Windows, there was previously no way
to associate desktopCapturer/getUserMedia and electron.screen API
screens. This new parameter provides the association.
* Fix non-Windows build.
* Fix Mac.
* Fix Mac harder.
* JS lint
* clang-format C++ code.
* IWYU
* display_id, Linux comment, better test
* lint
* Fix tests on Linux.
* Add display_id documentation.
* Propagate referrer to new windows
Fixes#9205
* Rearrange -new-window event arguments for backwards-compatibility
* Plumb referrer policy through guest-window-manager
* Document the Referrer structure and its uses
* Add tests for referrer in new windows
* Docs nits
Fixes#12311
Right now it throws a new error when the file is even require()d, but this isn't ideal as there are cases where everything is mass-required, such as Spectron. Instead, we should throw an error on non-Darwin environments only when the IAP methods are invoked.
* Remove the race condition between new process creation and old process releasing remote context
Previously there was a race condition where the getId() method would return the new context ID even
though the release was for the old context. This changes it to send the "initial" context ID with
the release message to ensure there is no race.
* fetch context ID from remote in sandbox mode
* Persist defaults to webPreferences object to JS land can read the inferred values instead of just user defined values
* Test inherited default propogation
* Refactor to remove coupling from fetching values and defaults
* Test description type
* Fix up tests
* This is to enable more browser-like behavior so that users who run third-party code
will not be DOS'ed with alerts and confirms. This is already handled like this
in most major browsers so this will greatly help these developers
* Fix child touch bar items not updating
Deep children of a TouchBar didn't cause the top level touch bar to update, now they do
Fixes#11761.
* Remove unused newValue property in TB setter
* add function to remove leading/trailing separators
* change const name for clarity
* add spec to check filtered separators
* clean method and add edge case spec per review
The event is emitted when the OS is rebooting/shutting down, and allows
an electron app to call `e.preventDefault()` in order to delay shutdown
and exit cleanly.
* 🔧 Add security issue detection (and logs)
* 🔧 Check for it on load
* 👷 Add some tests
* 👷 Make the linter happy
* 🔧 Allow them to be enabled by force
* 📝 Make message slightly prettier
* 🔧 Fix a typo in the code comment
* 🔧 Classic mistake
* 🚀 Optimize things a bit more
* 👷 Add tests, fix tests
* 📝 Document things
* 🔧 Make linter happy
* 🔧 One more piece of cleanup
- For more flexibility in designing the recent documents menu, now there can be one menu item (known issue: you may specify more but AppKit doens't display more than one) in the submenu list, rather than separating the labels with a tab.
- Also added is the role `clearrecent` that can be given to a menu item that can clear the recent documents.
- Does not yet accept any options except label--"Clear Menu" can't be modified through exposed node API
- If `openrecent` is present across multiple menu items, the last seen will be visible in the main menu due to that it is designed to behave like a singleton