Commit graph

87 commits

Author SHA1 Message Date
Milan Burda
8483cb4aa7 security: only handle related IPCs when <webview> tag is enabled (#15859)
* refactor: move guest-view-manager related IPC handling out of rpc-server

* feat: only handle related IPCs when <webview> tag is enabled
2018-11-30 18:44:38 +09:00
Jeremy Apthorp
0642be296d
fix: crash in sandbox on linux when getting execPath (#15701) 2018-11-15 12:59:01 -08:00
Cheng Zhao
a8f2646ba6 Fix missing remote object error when calling remote function created in preload script (#15444)
* fix: report wrong context error based on contextId

* fix: destroyed remote renderer warning is now async
2018-10-31 11:26:57 -04:00
Milan Burda
db37ab1039 feat: add remote.require() / remote.getGlobal() filtering (#15014) 2018-10-18 14:36:45 +11:00
Milan Burda
508551b81b fix: small refactoring regressions (#15206)
* fix: require('@electron/internal/browser/guest-view-manager')

* fix: add missing crashServicePid used by tests
2018-10-17 12:18:18 -07:00
Milan Burda
d3efc52745 feat: add webPreferences.enableRemoteModule option (#13028) 2018-10-13 20:50:07 +03:00
Milan Burda
b50f86ef43 refactor: use separate ipc-renderer-internal / ipc-main-internal APIs for Electron internals (#13940) 2018-10-07 00:48:00 +13:00
Milan Burda
5efb0fdff1 feat: add security warnings to sandboxed renderers (#14869)
Also refactor not to use the remote module.
2018-10-03 21:36:12 +02:00
Milan Burda
3ad3ade828 refactor: add prefer-const to .eslintrc + fix errors (#14880) 2018-10-02 11:56:31 +10:00
Milan Burda
d48f9bcf7f refactor: implement <webview> methods via dedicated IPCs without the remote module (#14377) 2018-10-01 10:07:50 +09:00
Milan Burda
b499d57cfd refactor: use error-utils for remote exception serialization / deserialization (#14788)
* refactor: use error-utils for remote exception serialization / deserialization

* fix internal process.type in sandboxed renderer
2018-09-26 15:44:55 +10:00
Milan Burda
3df739fa89 refactor: implement crashReporter.start() without the remote module (#14434) 2018-09-26 15:43:34 +10:00
Samuel Attard
54ef906832
[RFC] perf: use an internal module resolver to improve require performance (#14633)
* perf: use an internal module resolver instead of relative requires

* perf: memoize the results of getting exported Electron properties

* perf: make internal module changes consistent across sandboxed / bundled files
2018-09-20 13:43:26 +10:00
Samuel Attard
558fff69e7
chore: update to standard 12 2018-09-14 14:57:01 +10:00
Milan Burda
28e4fcea3b refactor: move common logic to handleRemoteCommand 2018-08-27 21:06:03 +02:00
Milan Burda
f1fe485768 fix: don't expose desktopCapturer in sandboxed renderers if the feature is disabled (#14310) 2018-08-27 13:16:52 -05:00
Milan Burda
c23e7fa101 refactor: implement ipcRenderer.sendTo in native code for better performance (#14285) 2018-08-24 14:14:39 -07:00
Milan Burda
fc85d02786 feat: expose missing process APIs in sandboxed renderers (#13505) 2018-08-21 11:05:45 -07:00
Milan Burda
702cc84bd3 Don't pass preloadPath via ELECTRON_BROWSER_SANDBOX_LOAD for security reasons (#13031) 2018-08-10 17:19:49 -05:00
Milan Burda
db38c8b620 Fix process.execPath returning parent process path instead of the helper in sandboxed renderer (#13839) 2018-07-30 11:13:42 +10:00
Cheng Zhao
3094f62f0b
fix: use webContentsId with contextId together (#13749)
After after using `processId-contextCounter` as contextId, it may happen
that contexts in different WebContents sharing the same renderer process
get the same contextId. Using webContentsId as part of key in
ObjectsRegistry can fix this.
2018-07-24 16:21:38 +09:00
Cheng Zhao
305e3aad40
refactor: remove private webContents.getId() API (#13674) 2018-07-23 18:08:36 +09:00
Cheng Zhao
4cdb1b8fc3 fix double-freeing remote references
After the page does navigations, garbage collection can still happen in
the old context. This commit changes to store references to remote objects
by _pages_, instead of by _WebContents_.
2018-07-12 10:44:26 +09:00
Milan Burda
08ccc2d624 refactor: rpc-server.js cleanup (#13420)
* refactor: don't declare variables C-style in JavaScript

* refactor: use new constructor(...args) in rpc-server.js
2018-06-27 11:00:05 +10:00
Milan Burda
4cfe5ecaa4 add proper support for typed arrays in remote (#13055) 2018-05-24 21:05:46 +09:00
Thiago de Arruda
6f076f7433 Refactor sandbox preload initialization. (#12877)
Use a single synchronous IPC call to retrieve data required by early
sandbox scripts. This has two purposes:

- Optimize preload script initialization by:
  - Using one synchronous IPC call to retrieve preload script,
  webContentsId (more on that later), process.{platform,execPath,env}
  - Lazy loading as many modules as possible.
- Fix #12316 for sandbox. @MarshallOfSound addressed the issue in
  #12342, but it was still present in sandbox mode. By loading
  webContentsId very early and skipping remote module at early
  startup, we fix it for sandbox.
2018-05-21 22:56:05 +10:00
Milan Burda
7c19ae302e replace isEventEmitter with instanceof EventEmitter (rpc-server) (#12998) 2018-05-21 10:00:56 +09:00
Milan Burda
5a5eb43359 detect EventEmitter in removeRemoteListenersAndLogWarning (#12975) 2018-05-18 11:09:25 +09:00
Milan Burda
9b56ca3961 Fix optimizeSimpleObject for arrays of objects (#12815) 2018-05-03 22:34:30 -05:00
Tatsuya Hiroishi
9c65abd746 handle remote exception (#12694)
* add cause property to exception in callFunction

* update exceptionToMeta function

* add sender argument
* and cause property to return value

* update exception convert in metaToValue function

* add from and cause properties to the exception error

* unit test for remote exception
2018-04-24 08:40:19 -04:00
Samuel Attard
0ac883c6d4
Remove the race condition between new process creation and context release (#12342)
* Remove the race condition between new process creation and old process releasing remote context

Previously there was a race condition where the getId() method would return the new context ID even
though the release was for the old context.  This changes it to send the "initial" context ID with
the release message to ensure there is no race.

* fetch context ID from remote in sandbox mode
2018-03-20 15:54:47 +11:00
Samuel Attard
795447f61a Implement dialog (alert/confirm) blocking as a user switch after the first dialog
* This is to enable more browser-like behavior so that users who run third-party code
  will not be DOS'ed with alerts and confirms.  This is already handled like this
  in most major browsers so this will greatly help these developers
2018-03-06 11:19:15 +09:00
Heilig Benedek
cafb9477b0 lint fix 2017-11-13 15:46:46 +09:00
Heilig Benedek
13b86598e8 don't show osr dummy window when dialog is shown on mac 2017-11-13 15:46:46 +09:00
Hari Juturu
340431750b Removing try/catch 2017-08-17 10:56:37 -07:00
Hari Juturu
9120774c00 Fixing uncaught exception on window close 2017-08-15 14:59:48 -07:00
Thiago de Arruda
6b5bd3b6ce Fix how rpc-server releases references after page reload
In addition to listening for "render-view-deleted", listen for
"ELECTRON_BROWSER_CONTEXT_RELEASE" synchronous message, which is sent by the
remote module when the page is about to be navigated.

This is required to allow child windows running in the same renderer to
correctly manage remote object references, since `render-view-deleted` is only
called when the renderer exits.

Close #9387
2017-05-16 09:05:52 -03:00
Kevin Sawicki
fdd36334e5 Match args style of other IPC handlers 2017-04-04 11:18:16 -07:00
Kevin Sawicki
7065123266 Wrap remote value being set as an arg 2017-04-04 11:18:16 -07:00
Thiago de Arruda
e9b955b9ec Use remote/fs to read preload script during sandboxed setup
Also expose the "fs" module to preload scripts, as a shortcut to
`require('electron').remote.require('fs')`
2017-03-16 14:23:00 -03:00
Greg Nolle
e29b64a18a modify CertVerifier Class
* respond to multiple similar verification requests.
* accept net error result as callback response.
2017-02-08 11:59:43 -08:00
Kevin Sawicki
56a8eb3a94 Check that sender is a WebContents instance 2017-01-25 12:36:55 -08:00
Charlie Hess
ddedcf22d1 Move console.warn inside the helper method. 2017-01-25 12:36:55 -08:00
Charlie Hess
f6410d3b77 Assert that listener count decreases after a remove event. 2017-01-25 12:36:55 -08:00
Charlie Hess
c213971a2d Write a warning instead of crashing. 2017-01-25 12:36:55 -08:00
Charlie Hess
bc2f1e8199 Argh. 2017-01-25 12:36:55 -08:00
Charlie Hess
63d8137da2 Use EventEmitter public methods instead of _events. 2017-01-25 12:36:55 -08:00
Kevin Sawicki
45986405b8 Assert remote event names 2017-01-25 12:36:55 -08:00
Charlie Hess
a0b24bd155 Simplify. 2017-01-25 12:36:55 -08:00
Charlie Hess
67f7a60524 Review CommentZ 2017-01-25 12:36:55 -08:00