Commit graph

456 commits

Author SHA1 Message Date
Milan Burda
419ce494e9 refactor: use IPC helpers in window-setup (#17948) 2019-07-09 02:43:49 +03:00
Milan Burda
69ea0b4ebf fix: ignore non-absolute session preload script paths when sandboxed (#19066) 2019-07-03 08:05:45 -07:00
Jeremy Apthorp
616856552f
test: fix flaky onbeforeunload tests (#19085) 2019-07-02 13:48:58 -07:00
Jerry Wu
dee331519c fix: disable nodeIntegration & insecure resource warnings for localhost (#18814)
* fix: disable remote host nodeIntegration warning for localhost

In warnAboutNodeWithRemoteContent(), add a check to see if the hostname
is "localhost" and prevent the warning message if it is.

* fix: disable loading insecure resources warning for localhost

In warnAboutInsecureResources(), filter out resources from localhost
since they are most likely not a threat.

* test: add tests for ignoring security warnings when using localhost

Add tests for ignoring warning messages for the following scenarios:
  1. node integration with remote content from localhost
  2. loading insecure resources from localhost

* test: fix insecure resource test

* test: pass nodeIntegration with remote test on did-finish-load

* test: maybe fix node integration test (error w/ conv circular struct)

* test: update test description

* test: use "load" event to check when nodeIntegration test has finished

Instead of relying on the "did-finish-load" event, which may result in
a race condition, add an "onload" handler that logs "loaded" to the
console. This will execute _after_ the nodeIntegration check, so it
can be safely used as a signal to indicate that the test is done.

* test: rename base-page-security-load-message.html

* fix: ignore enabled remote module warning for localhost

* refactor: add isLocalhost()
2019-07-02 19:36:50 +09:00
Jeremy Apthorp
ec8697bcdc
test: move protocol specs to main process (#18923) 2019-06-27 14:20:29 -07:00
Milan Burda
79f0c444fd fix: app.getAppPath() returning default-app path for files or directories without package.json (#18763) 2019-06-19 23:34:22 +02:00
Micha Hanselmann
504edf2cf6 test: correct fake tests in api-protocol-spec (#18869)
* fix protocol 404 fake tests

* fix another fake test

* fix last fake test (hopefully)
2019-06-19 13:40:49 -07:00
Nitish Sakhawalkar
f98454e5dd fix: use crashpad on Windows (#18483)
* Initial changes to use crashpad for windows

* Remove crashpad patch

* Report error when failed to connect pipe

* Allow crashpad to communicate with named pipe

* Add patch to make crashpad named pipe work

* Windows also needs crashReporter on main process

* Call SetUnhandledExceptionFilter in node process

Node can also use crash reporter.

* Do not treat node process as browser process

* No more need to manually start crash service

* Use base::StringPrintf for better readbility

* Print error when pipe name not available

* Make sure pipe name is updated

Note that the crashpad may be started after renderer process gets
created.

* Fix some tests

* Update node

* Exclude crashpad files on Linux and MAS

* Fix lint warning

* Remove unused checks

* kCrashpadPipeName is only available on Windows

* Fix uploadToServer tests

* Fix extra params tests

* Fix getCrashesDirectory tests

* Run crashReporter tests on CI

* Style fixes

* Update crashreporter docs

* Rename InitBreakpad to Init

* Add comment for process_type_.empty() and UTF16ToASCII to UTF16ToUTF8.

* Update build.gn include crashpad headers

* Address comment https://github.com/electron/electron/pull/18483#discussion_r290887898

* Avoid using api::WebContents

* Put kRunAsNode in atom_constants

* Remove duplicate settings on upload params

* Fix building on macOS

* Update description for crashpad_pid_check.patch
2019-06-13 15:42:21 +09:00
Jeremy Apthorp
e5d1e7b4da fix: move window.open postMessage test to main runner to fix flake (#18735) 2019-06-12 08:35:58 +09:00
Alexandre Lacheze
b4276835d8 fix: lost window.opener after cross-origin navigation (#18173)
* Get a site instance related to current one instead of creation a new one

Using `GetRelatedSiteInstance` will keep the relation (same browsing instance) between the current and the new site instance.

* Some relies on preloads in opened window

The fact that, now, we always have an opener for opened windows diables note integration in opened windows, except if `nodeIntegrationInSubFrames` is enabled.

* Add a test on window.opener after cross-orgin navigation

* Make sure to unregisterProtocol in tests

* Introduc and use a NetworkSandbox for tests

* Modify tests about zoom persistence to properly simulate cross-origin navigation

* Revert "Modify tests about zoom persistence to properly simulate cross-origin navigation"

This reverts commit 0a7537f2eb7f183ddec16637e8a2e92a0d600321.
2019-06-03 13:23:15 -07:00
Samuel Attard
87ae9324ac
feat: Add option to conditionally disable site instance patches (#18396)
* chore: allow conditional disable of the site instance override patches at runtime

* feat: add app.allowRendererProcessReuse property to allow runtime disable of site instance overrides

spec: add tests for the new allowRendererProcessReuse property

feat: add console warnings / errors for loading non context-aware native modules
  * Only error if the patch is disabled
  * Warn all the time, this will ship in Electron 7
2019-05-31 15:47:18 -07:00
Milan Burda
a1226d75ff feat: add process.getBlinkMemoryInfo() (#17762) 2019-05-30 11:50:35 +02:00
Jeremy Apthorp
1a609f0caf
test: move several session specs to the main runner (#18433) 2019-05-28 14:12:59 -07:00
Jeremy Apthorp
646f572b77
refactor: netLog directly uses network service (#18289) 2019-05-23 15:31:38 -07:00
Cheng Zhao
8de9ba6df6
chore: run protocol tests in separate WebContents (#18202) 2019-05-10 09:51:44 +09:00
Shelley Vohr
02710ef574 refactor: make templateImage a property on nativeImage (#18124)
* refactor: make templateImage a property on nativeImage

* Update docs/api/native-image.md

Co-Authored-By: codebytere <codebytere@github.com>

* fix nativeImage prototype deprecation

* update for new property name

* Update docs/api/native-image.md

Co-Authored-By: codebytere <codebytere@github.com>
2019-05-07 06:52:07 -07:00
Shelley Vohr
cfb6e847a0 refactor: allow embedder overriding of internal FS calls (#17906) (#18183) 2019-05-07 06:44:32 -07:00
Samuel Attard
67b3fbca89
fix: ensure the inspector agent is shutdown before cleaning up the node env (#18028)
* fix: ensure the inspector agent is shutdown before cleaning up the node env

* spec: add tests to ensure clean shutdown with connected inspector agent

* Update node_debugger.cc
2019-04-30 15:44:40 -07:00
Shelley Vohr
d87b3ead76 chore: remove promisification deprecation callbacks (#17907)
* chore: remove promisification deprecation callbacks

* update docs

* fix smoke test

* fix executejs issue

* cleanup leftovers

* fix webContents.executeJavaScript tests

* cleanup WebContents.prototype.takeHeapSnapshot

* fix "sets arbitrary webContents as devtools" test

* fix executeJavaScriptInFrame related tests
2019-04-30 07:08:32 -07:00
Samuel Attard
be6fb7cb12 fix: ensure the sandboxed preloads globals do not leak (#17712) 2019-04-16 10:57:02 -07:00
Shelley Vohr
c4020308c9
test: remove non-applicable processMemoryInfo specs (#17679) 2019-04-05 07:53:25 -07:00
Milan Burda
77d59e99b6 feat: emit process 'loaded' event in sandboxed renderers (#17680) 2019-04-04 11:35:06 -07:00
Samuel Attard
b8dbe4bc15
spec: add tests for the autoUpdater on macOS that actually test if it works (#17442)
* spec: add tests for the autoUpdater on macOS that actually test if it works

* spec: add express as dep

* spec: add logic to auto-trust self-signed certificate and not run autoupdate specs on MAS

* build: fix the step name for importing the codesign cert

* chore: update updater spec PR as per feedback

* fix: s/atomBinding/electronBinding

* build: use spawn instead of exec
2019-03-29 17:32:52 -07:00
Milan Burda
546466b209 feat: add <webview>.getWebContentsId() (#17407) 2019-03-26 10:57:27 +09:00
Milan Burda
53f4af7722 fix: regressions introduced by adding world isolation to Chrome extension content scripts (#17422) 2019-03-19 14:45:48 +01:00
Heilig Benedek
43ef561d48 feat: enable NodeIntegrationInSubFrames for webview (#17226)
* feat: enable nodeIntegrationInSubFrames for webview

* test: add tests

* docs: document webview's nodeintegrationinsubframes

* lint: fix indent

* fix: resolve some merge bloopers
2019-03-15 10:39:20 -07:00
Jeremy Apthorp
ea6a926494 test: add test for second-instance event parameter (#16798)
* test: add test for second-instance event parameter

* robustify getting data from child process

* fix test on windows

* fix lint

* Update api-app-spec.js

* fix package-lock.json
2019-03-12 11:56:28 -04:00
Samuel Maddock
8ee153dae1 feat: add support for content scripts 'all_frames' option (#17258)
* feat: add support for content scripts 'all_frames' option

* merged content script tests

'all_frames' test now runs on all variants of sandbox/contentIsolation configurations :D
2019-03-08 15:53:25 -08:00
Samuel Maddock
42b7b25ac3 feat: support chrome extensions in sandboxed renderer (#16218)
* Add content script injector to sandboxed renderer

* Fix 'getRenderProcessPreferences' binding to the wrong object

* Pass getRenderProcessPreferences to content-scripts-injector

* Emit document-start and document-end  events in sandboxed renderer

* Use GetContext from RendererClientBase

* Prevent script context crash caused by lazily initialization

* Remove frame filtering logic for onExit callback

Since we're keeping track of which frames we've injected the bundle into, this logic is redundant.

* Add initial content script tests

* Add contextIsolation variants to content script tests

* Add set include

* Fix already loaded extension error

* Add tests for content scripts 'run_at' options

* Catch script injection eval error when CSP forbids it

This can occur in a rendered sandbox when a CSP is enabled. We'll need to switch to using isolated worlds to fix this.

* Fix content script tests not properly cleaning up extensions

* Fix lint and type errors
2019-03-07 16:00:28 -08:00
Samuel Maddock
8ec304f32f fix: run subframe preload bundles in isolated context (#17165)
* fix: run subframe preload bundles in isolated context

* test subframe contextIsolation when disabled
2019-03-07 14:46:57 -08:00
Milan Burda
676c02611d spec: add missing checks to "validates process APIs access in sandboxed renderer" (#17129) 2019-02-28 22:24:18 -08:00
Milan Burda
7e7abc28f5 feat: promisify netLog.stopLogging (#16862) 2019-02-19 10:48:27 +00:00
Samuel Maddock
8f6a543398 feat: add chrome.runtime.getManifest (#16891)
* feat: add chrome.runtime.getManifest

* Add test for chrome.runtime.getManifest

* Use IPC utils for getManifest internals
2019-02-13 07:16:12 -10:00
John Kleinschmidt
6a47089c78
ci: Refactor mksnapshot test so that it doesn't stall. (#16875) 2019-02-11 12:21:00 -10:00
Samuel Attard
10607f7e86
chore: make crash-reporter specs not use URL module (#16840) 2019-02-08 13:22:07 -08:00
Milan Burda
fa5442f211 fix: execute session preload scripts in sandboxed renderers (#16538) 2019-01-29 10:16:46 +09:00
Shelley Vohr
d105dcc0d3
feat: promisify webContents.hasServiceWorker() (#16535)
* feat: promisify contents.hasServiceWorker()

* spec: add initial test for hasServiceWorker()
2019-01-26 10:23:16 -08:00
Charles Kerr
8396a2d504
feat: promisify cookies api (#16464)
* feat: promisify the Cookie API

* chore: update specs to test promisified cookies

* chore: add deprecate wrapper for cookie callback API

* docs: update docs to cookie promise changes

* chore: remove redundant namespace use

* docs: improve cookie example

* docs: restore docs for cookie callback API

* chore: restore cookie callback tests

* fix: syntax of cookie promise return types
2019-01-25 12:11:35 -06:00
Samuel Attard
58a6fe13d6
feat: preloads and nodeIntegration in iframes (#16425)
* feat: add support for node / preloads in subframes

This feature has delibrately been built / implemented in such a way
that it has minimum impact on existing apps / code-paths.
Without enabling the new "nodeSupportInSubFrames" option basically none of this
new code will be hit.

The things that I believe need extra scrutiny are:

* Introduction of `event.reply` for IPC events and usage of `event.reply` instead of `event.sender.send()`
* Usage of `node::FreeEnvironment(env)` when the new option is enabled in order to avoid memory leaks.  I have tested this quite a bit and haven't managed to cause a crash but it is still feature flagged behind the "nodeSupportInSubFrames" flag to avoid potential impact.

Closes #10569
Closes #10401
Closes #11868
Closes #12505
Closes #14035

* feat: add support preloads in subframes for sandboxed renderers

* spec: add tests for new nodeSupportInSubFrames option

* spec: fix specs for .reply and ._replyInternal for internal messages

* chore: revert change to use flag instead of environment set size

* chore: clean up subframe impl

* chore: apply suggestions from code review

Co-Authored-By: MarshallOfSound <samuel.r.attard@gmail.com>

* chore: clean up reply usage

* chore: fix TS docs generation

* chore: cleanup after rebase

* chore: rename wrap to add in event fns
2019-01-22 11:24:46 -08:00
Jeremy Apthorp
92b9525cfd
feat: enable mixed-sandbox mode by default (#15894) 2019-01-22 10:44:28 -08:00
Shelley Vohr
3ca87d205f
feat: make zoomLevel/zoomFactor sync (#16410)
* feat: make zoomLevel/zoomFactor sync

* update ts defs dep
2019-01-20 23:40:27 -08:00
Milan Burda
7d4a1223fd feat: add preload-error event to webContents (#16411) 2019-01-18 12:03:43 +01:00
Milan Burda
23d44e322d feat: use default-app behavior in packaged apps (#16310)
Unify the behavior between default app and packaged apps:
- create default application menu unless the app has one
- default window-all-closed handling unless the app handles the event
2019-01-15 21:35:53 +01:00
Alex Garbutt
dcb670fa46 fix: emit IPC event in correct context if isolation and sandbox enabled (#16352)
* fix: emit IPC event in correct context if isolation and sandbox enabled

IPC events were not being delivered to renderer processes when both
`contextIsolation` and `sandbox` were enabled. This is because the
`AtomSandboxedRenderFrameObserver` class was incorrectly using the
`MainWorldScriptContext`, rather than conditionally selecting the
context based on if isolation was enabled.

Fixes #11922
2019-01-12 14:19:20 +01:00
Robo
52fe92d02e feat: Upgrade to Chromium 71.0.3578.98 (#15966) 2019-01-11 17:00:43 -08:00
Milan Burda
fade3eb679 chore: make "nodeIntegration" and "webviewTag" default to false (#16235) 2019-01-07 22:19:27 +03:00
Milan Burda
6f117b8e0c feat: add app.commandLine.hasSwitch() / app.commandLine.getSwitchValue() (#16282)
* feat: add app.commandLine.hasSwitch() / app.commandLine.getSwitchValue()

* add more tests

* refactor: move appendSwitch / appendArgument to command_line module

* replace AppendSwitchASCII with AppendSwitchNative

* remove castArgs
2019-01-07 07:48:27 -08:00
Pedro Pontes
9c783f53ba fix: do not allow the window to grab focus when tabbing / shift+tabbing (#16042)
* fix: do not allow the window to grab focus when tabbing / shift+tabbing

* test: add tests.
2018-12-18 23:44:51 -07:00
Cheng Zhao
8584c2f14b
fix: register webview in main world when using contextIsolation (#16067) 2018-12-14 15:38:35 +09:00
Pedro Pontes
d5d1fa8290 fix: use appropriate site instance for cross-site nav's (#15821)
* fix: use Chromium's determined new site instance as candidate when navigating.

When navigating to a new address, consider using Chromium's determined site instance
for the new page as it should belong to an existing browsing instance when the
navigation was triggered by window.open().

fixes 8100.

* Revert "fix: use Chromium's determined new site instance as candidate when navigating."

This reverts commit eb95f935654a2c4d4457821297670836c10fdfd5.

* fix: delegate site instance creation back to content when sandboxed.

* fix: ensure site isolation is on

* test: adapt ut for cross-site navigation

* fix: register pending processes during a navigation.

* refactor: dont call loadURL for a window constructed from an existing webContents.

* test: add sandboxed affinity UT's.

* fix: check affinity before deciding if to force a new site instance.

* chore: adapt subsequent patch.

* refactor: constify logically const methods.

* fix: do not reuse site instances when navigation redirects cross-site.

* test: ensure localStorage accessible after x-site redirect.

* test: adapt localStorage acess denied UT for site isolation.

* fix: do not send render-view-deleted for speculative frames.

* chore: amend tests after rebase.

* test: add ut for webContents' render-view-deleted emission

* fix: introduce current-render-view-deleted for current RVH's deletions.

Revert render-view-deleted to being emitted with any RVH's deletion.
current-render-view-deleted is emitted only when the RVH being deleted
is the current one.

* refactor: style and comments fixed.
2018-12-05 17:03:39 +09:00