Commit graph

308 commits

Author SHA1 Message Date
Felix Rieseberg
d586ef2f39 feature: Hot security tips (#11810)
* 🔧 Add security issue detection (and logs)

* 🔧 Check for it on load

* 👷 Add some tests

* 👷 Make the linter happy

* 🔧 Allow them to be enabled by force

* 📝 Make message slightly prettier

* 🔧 Fix a typo in the code comment

* 🔧 Classic mistake

* 🚀 Optimize things a bit more

* 👷 Add tests, fix tests

* 📝 Document things

* 🔧 Make linter happy

* 🔧 One more piece of cleanup
2018-02-03 07:50:12 -07:00
Shelley Vohr
b74304145e
createShadowRoot => attachShadow 2018-01-31 19:29:23 -05:00
Zhuo Lu
d45914c3f7 MenuItem roles camelCase-compatible 2017-12-28 13:28:20 +08:00
Cheng Zhao
cb3a9c69ab Add a SessionPreferences to manage session related data
By design the BrowserClient should not be aware of the api:: classes.
2017-12-05 15:59:15 +09:00
Samuel Attard
d9359d8b6c s/global/session in constants 2017-12-05 11:35:53 +09:00
Samuel Attard
d2707315e6 s/global/session 2017-12-05 11:35:53 +09:00
Samuel Attard
0ddd078aaf Add ability to set global preload scripts 2017-12-05 11:35:27 +09:00
Cheng Zhao
59476f0b30 Create webContents for webview even when src is not set 2017-12-01 10:35:23 +09:00
Felix Rieseberg
f7d6e3fa7b 🔧 Disable standard/no-callback-literal where necessary 2017-11-23 13:53:03 -08:00
Charles Kerr
5eb00e45aa
Merge pull request #11158 from electron/execute-errors
fix: Pass on errors thrown in `executeJavaScript`
2017-11-20 09:14:05 -06:00
Ronald Eddy
14c6e78147 Update electron.atom.io -> electronjs.org
Update electron.atom.io -> electronjs.org to reduce redirects and speed navigation.
2017-11-19 04:01:33 -08:00
Felix Rieseberg
1dea186a6e 🤔 What if you could return an Error? 2017-11-18 00:50:53 -08:00
Shelley Vohr
8736a41cfb
Merge pull request #10909 from electron/update_remote
Simplify and remove excess code from remote module
2017-11-03 09:16:28 -04:00
Shelley Vohr
803fa35484
fix null value check 2017-11-03 08:47:21 -04:00
Shelley Vohr
2b2c7d7f9f
fix object serialization test issue 2017-11-02 21:29:17 -04:00
Shelley Vohr
5c318932c2
add some structural changes 2017-11-02 21:07:40 -04:00
Charles Kerr
1c09dede1a singletons that are retroactively turned into EventEmitters should call the EventEmitter ctor 2017-11-01 23:05:27 -05:00
John Kleinschmidt
beb06c0787 Merge pull request #10537 from qazbnm456/improve-content_scripts.css
[Security] Use textContent instead of innerHTML to remediate DOM based XSS
2017-10-26 11:51:43 -04:00
Shelley Vohr
5f6f117bad
changes from review 2017-10-25 23:41:11 -04:00
Shelley Vohr
d4880b135a
revert ipc lookup table 2017-10-25 15:36:16 -04:00
Shelley Vohr
c0f2a7b44a
fix standard issues 2017-10-25 09:56:02 -04:00
Shelley Vohr
f129622446
clean up remote 2017-10-25 09:51:21 -04:00
Shelley Vohr
7593bec687
update reviewed items 2017-10-24 19:36:06 -04:00
Shelley Vohr
b58ceae69c
appease linter gods 2017-10-24 12:28:15 -04:00
Shelley Vohr
43e118fe45
update desktop capturer and remove unnecessary vars 2017-10-24 12:01:51 -04:00
Felix Rieseberg
2bd8877be3 🔧 String comparison 2017-10-07 08:26:32 -07:00
Felix Rieseberg
63749e281d 🔧 Linters gotta lint 2017-10-06 13:36:54 -07:00
Felix Rieseberg
11ac780caf 🔧 Add security warning 2017-10-06 13:02:54 -07:00
Boik
16499358b3 fix lint 2017-09-17 14:09:12 +08:00
Boik
d86724f17a code improvement 2017-09-17 13:56:22 +08:00
Boik
26e6f2c46c use textContent instead of innerHTML to remediate DOM based XSS vulnerabilities 2017-09-17 11:27:03 +08:00
Alexandre Lachèze
e1a232e7c8 Add support for css in content_scripts 2017-09-14 17:23:33 +09:00
Cheng Zhao
bd87982b5c Merge pull request #10075 from alexstrat/fix/fix-content_scripts-match
Fix content scripts matches
2017-07-24 15:27:55 +09:00
Cheng Zhao
25f168cecb Merge pull request #9951 from alexstrat/fix-chrome-storage
Fix chrome storage access scope
2017-07-24 14:01:15 +09:00
Alexandre Lachèze
a2ba4e0a6a fix content scripts matches 2017-07-20 20:01:49 +02:00
Alexandre Lachèze
498f344e2e Correct mkdir 2017-07-20 19:50:55 +02:00
Kevin Sawicki
553021bc9c Only assign opener when not using nativeWindowOpen 2017-07-17 11:55:15 -07:00
Alexandre Lachèze
ec8407c65d Recursively mkdir the parent directories 2017-07-11 00:56:45 +02:00
Alexandre Lachèze
c85f3cbd2c Change storage implementation to async 2017-07-11 00:35:53 +02:00
Alexandre Lachèze
9aac8967aa 👕 2017-07-10 23:56:44 +02:00
Alexandre Lachèze
969c74b886 Use es6 string templating 2017-07-10 23:50:59 +02:00
Alexandre Lachèze
73e8769b1f content_scripts[].matches use the URL without hash part 2017-07-07 04:14:36 +02:00
Alexandre Lachèze
ec10338364 Per-extension storage 2017-07-07 03:13:19 +02:00
Alexandre Lachèze
d2002ff3fc Use a file as Chrome Storage rather than localStorage 2017-07-07 03:06:53 +02:00
Birunthan Mohanathas
7d2226e05e Let Chromium manage document.visibilityState and document.hidden
Chromium already includes the necessary plumbing to manage the
visibility properties and `visibilitychange` event so this gets rid of
most of our custom logic for `BrowserWindow` and `BrowserView`.

Note that `webview` remains unchanged and is still affected by the issues
listed below.

User facing changes:

- The `document` visibility properties and `visibilitychange` event are
  now also updated/fired in response to occlusion changes on macOS. In
  other words, `document.visibilityState` will now be `hidden` on macOS
  if the window is occluded by another window.

- Previously, `visibilitychange` was also fired by *both* Electron and
  Chromium in some cases (e.g. when hiding the window). Now it is only
  fired by Chromium so you no longer get duplicate events.

- The visibility state of `BrowserWindow`s created with `{ show: false }`
  is now initially `visible` until the window is shown and hidden.

- The visibility state of `BrowserWindow`s with `backgroundThrottling`
  disabled is now permanently `visible`.

This should also fix #6860 (but not for `webview`).
2017-06-06 15:16:01 -07:00
Kevin Sawicki
a285a3e64b Default webviewTag to false 2017-05-17 14:01:45 -07:00
Kevin Sawicki
bde13353fb Rename option to webviewTag and default to nodeIntegration value 2017-05-17 13:12:23 -07:00
Kevin Sawicki
837ea884de Merge remote-tracking branch 'origin/master' into enable-webview 2017-05-17 12:45:29 -07:00
Thiago de Arruda
6b5bd3b6ce Fix how rpc-server releases references after page reload
In addition to listening for "render-view-deleted", listen for
"ELECTRON_BROWSER_CONTEXT_RELEASE" synchronous message, which is sent by the
remote module when the page is about to be navigated.

This is required to allow child windows running in the same renderer to
correctly manage remote object references, since `render-view-deleted` is only
called when the renderer exits.

Close #9387
2017-05-16 09:05:52 -03:00
HariJ
a05eb9047e Fixing missed variable name 2017-05-08 18:50:20 -07:00