* refactor: clean up webFrame implementation to use gin wrappers
The previous implementation of webFrame in the renderer process leaked
sub-frame contexts and global objects across the context boundaries, thus
making it possible for apps to either maliciously or accidentally
violate the contextIsolation boundary.
This re-implementation binds all methods in native code directly to
content::RenderFrame instances instead of relying on JS to provide a
"window" with every method request. This is much more consistent with
the rest of the Electron codebase and is substantially safer.
* chore: un-re-order for ease of review
* chore: pass isolate around instead of ErrorThrower
* chore: fix rebase typo
* chore: remove unused variables
* Use std::forward_list instead of base::LinkedList for better perf,
more consistent memory management. Better than std::list because we
don't need the double-linked-list behavior of std::list
* Use std::unordered_map instead of std::map for the v8 hash table
base::LinkedList does not delete its members on destruction. We need to
manually ensure the linkedlist is empty when the ObjectCache is
destroyed.
Fixes #27039
Notes: Fixed memory leak when sending non-primitives over the context
bridge
* feat: enable world safe JS by default
* refactor: use the ctx bridge to send executeJavaScript results in a world safe way
* docs: add more info about the breaking change
* include default in IsEnabled check
* chore: bump chromium in DEPS to 1d6b29cd85c1c3cba093b8b69b2727cc26eaac97
* update patches
* chore: use 'libvulkan.so.1' in the linux manifests
CL: https://chromium-review.googlesource.com/c/angle/angle/+/2538430
Upstream renamed libvulkan.so to libvulkan.so.1, so sync our manifests.
* chore: update expected window-open default policy.
CL: https://chromium-review.googlesource.com/c/chromium/src/+/2429247
Upstream CL continues the work to make `strict-origin-when-cross-origin`
the default referrer policy. This commit changes our window-open tests
to expect that policy over the previous `no-referrer-when-downgrade`.
* chore: bump chromium in DEPS to 69cb7c65ad845cdab1cd5f4256237e72fceba2dd
* chore: re-export chromium patches
No code changes; just line numbers. `git am` failed because the upstream
changes were just large enough to require patching to fail w/o fuzzing.
The broken patch was
patches/chromium/feat_allow_disabling_blink_scheduler_throttling_per_renderview.patch
* update patches
* chore: bump chromium in DEPS to c6d97a240d30e5f5166856f5ae6ee14d95b9a4f0
* update patches
* fixup! chore: update expected window-open default policy.
* chore: disallow copying CppHeapCreateParams
Experimental commit to resolve FTBS https://ci.appveyor.com/project/electron-bot/electron-ljo26/builds/36405680#L25345
which introduces a new struct CppHeapCreateParams that aggregates a
vector of unique_ptrs. Our Windows CI is unhappy that this struct
implicitly deletes its copy ctor, so this commit makes it explicit.
Xref: https://chromium-review.googlesource.com/c/v8/v8/+/2536642
* update patches
* chore: bump chromium in DEPS to 0df9a85ffa0ad4711b41a089842e40b87ba88055
* update patches
* fixup! chore: bump chromium to ac06d6903a2c981ab90a8162f1ba0 (master) (#26499)
* chore: update calls to gfx::RemoveAcceleratorChar.
The call signature for gfx::RemoveAccelerator changed in
https://chromium-review.googlesource.com/c/chromium/src/+/2546471 .
This commit updates use to match that.
* chore: bump chromium in DEPS to 43d6c496251e08d3781bfadbe9727688551f74a9
* update patches
* chore: bump chromium in DEPS to 1fb5c9825be4e2271c4fef0e802f5d970b32f62f
* update patches
* chore: bump chromium in DEPS to 8a1f078d67825e727a598b89a8924699df8d3850
* chore: bump chromium in DEPS to 28ff715b3a97d8cedc143bad671edb08b6de5fc2
* chore: update patches
* Remove most service manifest remnants from Content
https://chromium-review.googlesource.com/c/chromium/src/+/2296482
* Reland "Portals: Fix a11y for orphaned portals"
https://chromium-review.googlesource.com/c/chromium/src/+/2542812
* Convert CallbackList::Subscription to a standalone class.
https://chromium-review.googlesource.com/c/chromium/src/+/2522860
* fix: actually apply the zlib patch
* chore: bump chromium in DEPS to 75b464e6357190ca302ba9ce8f8c2bf5a3b709ae
* chore: update patches
* chore: bump chromium@b884b9b2f647c59a75f5d2055030afa33d50ca10
* chore: bump chromium in DEPS to 829261dadcefdc54ce5fdf7c5fac2929786a63ce
* chore: bump chromium in DEPS to 5df3e69605c7c0130374aaccb91fc4726a558db2
* chore: bump chromium in DEPS to 22db748d5b7b90f87e6e97ef4c92a727ac753ea4
* chore: bump chromium in DEPS to 1475df80282b7eeeb0e153d8375bfe651f083bf8
* chore: bump chromium in DEPS to 6d34fe9e9b7386edd90574617bfa4008de972d72
* chore: update patches
* Disable CertVerifierService for now
2559260: Enable CertVerifierService by default | https://chromium-review.googlesource.com/c/chromium/src/+/2559260
* Remove force_ignore_site_for_cookies until we figure out what to do instead
2499162: Remove |force_ignore_site_for_cookies| from IPCs (e.g. ResourceRequest). | https://chromium-review.googlesource.com/c/chromium/src/+/2499162
* chore: bump chromium in DEPS to 95aeb1c59ebc03d19ba077b0cd707463d1b2865e
* update patches
* Set site_for_cookies to request url so that URLLoader::ShouldForceIgnoreSiteForCookies returns true
* 2490383: a11y inspect reorg: implement accessible tree formatter factory
https://chromium-review.googlesource.com/c/chromium/src/+/2490383
* 2485887: [Extensions][web_accessible_resources] Use |matches|.
https://chromium-review.googlesource.com/c/chromium/src/+/2485887
* update v8 headers
* chore: bump chromium in DEPS to 38587dc379a8cf4d4a13e482a6e89f2fe681144e
* update patches
* 2555005: [api] Simplify ScriptOrigin
https://chromium-review.googlesource.com/c/v8/v8/+/2555005
* 2563553: Remove Flash from PermissionRequestTypes and PermissionTypes.
https://chromium-review.googlesource.com/c/chromium/src/+/2563553
* 2546146: Remove browser-hosted InterfaceProvider
https://chromium-review.googlesource.com/c/chromium/src/+/2546146
* Actually apply nan patch
* update patches
* chore: bump chromium in DEPS to 6718d4b50c9db975c5642ca5b68e8dc7ee1b7615
* update patches
* 2546146: Remove browser-hosted InterfaceProvider
https://chromium-review.googlesource.com/c/chromium/src/+/2546146
* chore: bump chromium in DEPS to 338cc300e3fe3a4cb4883e9ccdc34a32f3dfe034
* chore: bump chromium in DEPS to d9baeb1d192c23ceb1e1c4bbe6af98380b263bc1
* chore: bump chromium in DEPS to 3ca3051932683739b304e721cc394b6c66f841fe
* chore: bump chromium in DEPS to 89292a4ae29096e5313aaf19dfa0c4710145c34d
* 2571639: mac: Remove code to support OS X 10.10 in //sandbox
https://chromium-review.googlesource.com/c/chromium/src/+/2571639
* Fixup patch indices
* Do not build MTLManagedObjectAdapter
It's been removed in newer Mantle versions and uses a deprecated enum
* update patches
* Remove sendToAll
https://github.com/electron/electron/pull/26771
* 2569367: Remove dead fullscreen code in RenderWidgetHostView and friends
https://chromium-review.googlesource.com/c/chromium/src/+/2569367
* Remove deprecated performFileOperation usage
* 2568359: mac: Ignore Wdeprecated-declarations for LSSharedFileList* functions.
https://chromium-review.googlesource.com/c/chromium/src/+/2568359
* 2561401: Add OutputPresenterX11 which uses X11 present extension.
https://chromium-review.googlesource.com/c/chromium/src/+/2561401
* 2565511: [objects] Remove MakeExternal case for uncached internal strings
https://chromium-review.googlesource.com/c/v8/v8/+/2565511
* fixup: Add disconnect logic to ElectronBrowserHandlerImpl
* Allow local networking override for ATS
https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html
* Refactor: clean up rfh getters in ElectronBrowserHandlerImpl
* Update patches
* Remove unneeded BindTo
* Don't assign ElectronBrowserHandlerImpl at all
Co-authored-by: Charles Kerr <charles@charleskerr.com>
Co-authored-by: deepak1556 <hop2deep@gmail.com>
Co-authored-by: John Kleinschmidt <jkleinsc@github.com>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
* feat: add worldSafe flag for executeJS results
* chore: do not log warning for webContents.executeJS
* Apply suggestions from code review
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
* chore: apply PR feedback
* chore: split logic a bit
* chore: allow primitives through the world safe check
* chore: clean up per PR feedback
* chore: flip boolean logic
* chore: update per PR feedback
* chore: fix typo
* chore: fix spec
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
* perf: do not convert object keys in ctx bridge as they are always primitives
* Update shell/renderer/api/electron_api_context_bridge.cc
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
* refactor: port window.open and window.opener to use ctx bridge instead of hole punching
* refactor: only run the isolated init bundle when webview is enabled