Commit graph

624 commits

Author SHA1 Message Date
Milan Burda
4575a4aae3 Revert "feat: only allow bundled preload scripts (#17308)" (#18091)
This reverts commit 8cf15cc931.
2019-06-20 08:39:12 +09:00
Milan Burda
edb56500c7 refactor: piggy-back on ELECTRON_BROWSER_SANDBOX_LOAD to get content scripts (#18823) 2019-06-19 17:23:44 +02:00
Jerry Wu
d5811607eb fix: extra space in security warning message causing list misalignment (#18815) 2019-06-18 09:59:02 -07:00
Milan Burda
0af3548b55 feat: add security warning for remote module with remote content (#18822) 2019-06-17 14:21:30 -07:00
Milan Burda
c9bca78a7a refactor: use async invoke to get webPreferences in security-warnings.ts (#18821) 2019-06-17 10:57:09 -07:00
Milan Burda
deebde66f9 feat: make async webContents / <webview> methods return a Promise (#18792) 2019-06-17 12:10:02 +03:00
Milan Burda
370e9522b4 refactor: re-implement desktop-capturer in TypeScript (#18580) 2019-06-15 19:44:18 +09:00
Shelley Vohr
3309005325 chore: convert callbacks-registry to ts (#18682)
* chore: convert callbacks-registry to ts

* fix class import syntax

* move cb reg specs to spec-main
2019-06-15 17:18:25 +09:00
Shelley Vohr
ffb53405fb
chore: convert extension apis to TypeScript (#18688)
Converts extensions-related files to TS
2019-06-14 07:52:24 -07:00
Jeremy Apthorp
291ee2dafc
refactor: use the URL api to resolve urls in window setup (#18611) 2019-06-05 10:21:06 -07:00
Jeremy Apthorp
ed5fb4a720
refactor: simplify content script injection (#18532) 2019-06-04 16:07:34 -07:00
Samuel Attard
24b3d66767
refactor: remove electron.asar and embed JS in binary (#18577)
* refactor: remove electron.asar and embed JS in binary

* chore: update DEPS to merged node sha

* chore: remove unneeded eslint ignore
2019-06-03 17:03:59 -07:00
Samuel Attard
18acda7888
perf: lazily create the anchor tag used for URL resolving (#18571) 2019-06-03 01:04:21 -07:00
Samuel Attard
bc527f6b51
refactor: bundle the browser and renderer process electron code (#18553)
* refactor: bundle the browser and renderer process electron code

* Bundles browser/init and renderer/init
  * Improves load performance of main process by ~40%
  * Improves load performance of renderer process by ~30%
* Prevents users from importing our "requiring" our internal logic such
as ipc-main-internal.  This makes those message buses safer as they are
less accessible, there is still some more work to be done though to lock
down those buses completely.
* The electron.asar file now only contains 2 files, as a future
improvement maybe we can use atom_natives to ship these two files
embedded in the binary
* This also removes our dependency on browserify which had some strange
edge cases that caused us to have to hack around require-order and
stopped us using certain ES6/7 features we should have been able to use
(async / await in some files in the sandboxed renderer init script)

TLDR: Things are faster and better :)

* fix: I really do not want to talk about it

* chore: add performance improvements from debugging

* fix: resolve the provided path so webpack thinks it is absolute

* chore: fixup per PR review

* fix: use webpacks ProvidePlugin to keep global, process and Buffer alive after deletion from global scope for use in internal code

* fix: bundle worker/init as well to make node-in-workers work

* chore: update wording as per feedback

* chore: make the timers hack work when yarn is not used
2019-06-02 13:03:03 -07:00
Jeremy Apthorp
c436997840
feat: add ipcRenderer.invoke() (#18449) 2019-05-31 10:25:19 -07:00
Jeremy Apthorp
ca283c74c9 Merge remote-tracking branch 'origin/master' into roller/chromium-ad1b791122c04bd91b825fbfbdf1ff4da82a0edb-1558011686736 2019-05-21 10:07:17 -07:00
Milan Burda
af0ad4454e refactor: add invoke helpers in window-setup (#18233) 2019-05-18 20:52:29 +02:00
Nitish Sakhawalkar
cf5224140b Chrome changed the devtools url
chrome-devtools:// to devtools://
28b21a67f0
2019-05-17 16:16:25 -07:00
Milan Burda
019b31d084 chore: remove deprecated APIs (#18159) 2019-05-09 14:48:10 -04:00
Stewart Lord
d507ba68a7 fix: honor extensionId arg in chrome.runtime.connect (#16998)
The first argument to chrome.runtime.connect is extensionId, not connectInfo.
2019-05-02 11:42:04 +09:00
Milan Burda
6f5c850d60 refactor: add emitCustomEvent() helper (#17960) 2019-05-01 09:07:57 -04:00
Shelley Vohr
d87b3ead76 chore: remove promisification deprecation callbacks (#17907)
* chore: remove promisification deprecation callbacks

* update docs

* fix smoke test

* fix executejs issue

* cleanup leftovers

* fix webContents.executeJavaScript tests

* cleanup WebContents.prototype.takeHeapSnapshot

* fix "sets arbitrary webContents as devtools" test

* fix executeJavaScriptInFrame related tests
2019-04-30 07:08:32 -07:00
Cheng Zhao
a4fcc32799
feat: upgrade to Node 12 (#17838)
* fix: add boringssl backport to support node upgrade

* fix: Update node_includes.h, add DCHECK macros

* fix: Update node Debug Options parser usage

* fix: Fix asar setup

* fix: using v8Util in isolated context

* fix: make "process" available in preload scripts

* fix: use proper options parser and remove setting of _breakFirstLine

_breakFirstLine was being set on the process, but that has changed in node 12 and so is no longer needed. Node will handle it properly when --inspect-brk is provided

* chore: update node dep sha

* fix: process.binding => _linkedBinding in sandboxed isolated preload

* fix: make original-fs work with streams

* build: override node module version

* fix: use _linkedBinding in content_script/init.js

* chore: update node ref in DEPS

* build: node_module_version should be 73
2019-04-26 18:55:12 +09:00
Samuel Attard
78411db4b5
fix: maintain a ref count for objects sent over remote (#17464)
* spec: clean up after a failed window count assertion

Previously when this assertion failed all tests that ran after the
failed assertion also failed.  This ensure that the assertion fails for
the test that actually caused the issue but cleans up the left-over
windows so that future tests do not fail.

* fix: maintain a ref count for objects sent over remote

Previously there was a race condition where a GC could occur in the
renderer process between the main process sending a meta.id and the
renderer pulling the proxy out its weakmap to stop it being GC'ed.

This fixes that race condition by maintaining a "sent" ref count in the
object registry and a "received" ref count in the object cache on the
renderer side.  The deref request now sends the number of refs the
renderer thinks it owns, if the number does not match the value in the
object registry it is assumed that there is an IPC message containing a
new reference in flight and this race condition was hit.

The browser side ref count is then reduced and we wait for the new deref
message.  This guaruntees that an object will only be removed from the
registry if every reference we sent has been guarunteed to be unreffed.
2019-04-16 16:08:11 -04:00
Jeremy Apthorp
127b87c713
refactor: mojofy MessageTo and MessageHost (#17613) 2019-04-03 14:22:23 -07:00
Jeremy Apthorp
53f6cbccbf
refactor: use mojo for electron internal IPC (#17406)
* refactor: use mojo for electron internal IPC

* add sender_id, drop MessageSync

* remove usages of AtomFrameMsg_Message

* iwyu

* first draft of renderer->browser direction

* refactor to reuse a single ipc interface

* implement TakeHeapSnapshot through mojo

* the rest of the owl^WtakeHeapSnapshot mojofication

* remove no-op overrides in AtomRendererClient

* delete renderer-side ElectronApiServiceImpl when its pipe is destroyed

* looks like we don't need to overlay the renderer manifest after all

* don't try to send 2 replies to a sync rpc

* undo changes to manifests.cc

* unify sandboxed + unsandboxed ipc events

* lint

* register ElectronBrowser mojo service on devtools WebContents

* fix takeHeapSnapshopt failure paths

* {electron_api => atom}::mojom

* add send_to_all to ElectronRenderer::Message

* keep interface alive until callback is called

* review comments

* use GetContext from RendererClientBase

* robustify a test that uses window.open

* MessageSync posts a task to put sync messages in the same queue as async ones

* add v8::MicrotasksScope and node::CallbackScope

* iwyu

* use weakptr to api::WebContents instead of Unretained

* make MessageSync an asynchronous message & use non-associated interface

* iwyu + comments

* remove unused WeakPtrFactory

* inline OnRendererMessage[Sync]

* cleanups & comments

* use helper methods instead of inline lambdas

* remove unneeded async in test

* add mojo to manifests deps

* add gn check for //electron/manifests and mojo

* don't register renderer side service until preload has been run

* update gn check targets list

* move interface registration back to RenderFrameCreated
2019-04-02 15:38:16 -07:00
Samuel Attard
75442b794f
fix: make devtools extensions load correctly (#17614) 2019-03-30 17:36:13 -07:00
Milan Burda
d597a0e8b0 refactor: expose ipcRendererInternal to the main world for window-setup using the content script world pattern (#17591) 2019-03-29 18:10:21 -07:00
Samuel Attard
953d1ea635
fix: ensure dots in content script patterns aren't used as wildcards (#17593)
* fix: ensure dots in content script patterns aren't used as wildcards

* chore: sanitise all regexp special chars

* chore: extract to helper

* chore: fixup helper
2019-03-28 14:03:37 -07:00
Milan Burda
8cf15cc931 feat: only allow bundled preload scripts (#17308) 2019-03-28 11:38:51 +01:00
Milan Burda
336db33d18 refactor: use ipcMainUtils.invokeInWebContents / ipcRendererUtils.handle helpers for Chrome APIs (#17417) 2019-03-26 11:38:35 +09:00
Milan Burda
546466b209 feat: add <webview>.getWebContentsId() (#17407) 2019-03-26 10:57:27 +09:00
Milan Burda
ddd51525f1 refactor: make ELECTRON_INSPECTOR_CONTEXT_MENU handler async (#17411) 2019-03-19 10:37:43 -07:00
Milan Burda
53f4af7722 fix: regressions introduced by adding world isolation to Chrome extension content scripts (#17422) 2019-03-19 14:45:48 +01:00
Shelley Vohr
38d75010c7
chore: rename atomBinding to electronBinding (#17419) 2019-03-18 12:37:06 -07:00
Milan Burda
3a091cdea4 refactor: implement clipboard APIs without the remote module (#17200) 2019-03-15 17:32:04 -07:00
Heilig Benedek
43ef561d48 feat: enable NodeIntegrationInSubFrames for webview (#17226)
* feat: enable nodeIntegrationInSubFrames for webview

* test: add tests

* docs: document webview's nodeintegrationinsubframes

* lint: fix indent

* fix: resolve some merge bloopers
2019-03-15 10:39:20 -07:00
Milan Burda
2e89348541 feat: promisify executeJavaScript (#17312) 2019-03-14 12:08:54 -07:00
Milan Burda
faabd0cc8b refactor: add ipcMainUtils.invokeInWebContents / ipcRendererUtils.handle helpers (#17313) 2019-03-13 12:03:17 -07:00
Milan Burda
48a95f9677 fix: remove non-existent gpu-crashed event on <webview> (#17317) 2019-03-11 17:25:46 -07:00
Samuel Maddock
f943db7ad5 feat: Add content script world isolation (#17032)
* Execute content script in isolated world

* Inject script into newly created extension worlds

* Create new content_script_bundle for extension scripts

* Initialize chrome API in content script bundle

* Define Chrome extension isolated world ID range

1 << 20 was chosen as it provides a sufficiently large range of IDs for extensions, but also provides a large enough buffer for any user worlds in [1000, 1 << 20).

Ultimately this range can be changed if any user application raises it as an issue.

* Insert content script CSS into document

This now avoids a script wrapper to inject the style sheet. This closely matches the code used by chromium in `ScriptInjection::InjectCss`.

* Pass extension ID to isolated world via v8 private
2019-03-11 16:27:57 -07:00
Samuel Maddock
8ee153dae1 feat: add support for content scripts 'all_frames' option (#17258)
* feat: add support for content scripts 'all_frames' option

* merged content script tests

'all_frames' test now runs on all variants of sandbox/contentIsolation configurations :D
2019-03-08 15:53:25 -08:00
Samuel Attard
61fc95417b
build: fix new TS linting errors (#17279)
* remove unused _args var
* handle type/variable shadowing
2019-03-07 17:18:10 -08:00
Samuel Maddock
42b7b25ac3 feat: support chrome extensions in sandboxed renderer (#16218)
* Add content script injector to sandboxed renderer

* Fix 'getRenderProcessPreferences' binding to the wrong object

* Pass getRenderProcessPreferences to content-scripts-injector

* Emit document-start and document-end  events in sandboxed renderer

* Use GetContext from RendererClientBase

* Prevent script context crash caused by lazily initialization

* Remove frame filtering logic for onExit callback

Since we're keeping track of which frames we've injected the bundle into, this logic is redundant.

* Add initial content script tests

* Add contextIsolation variants to content script tests

* Add set include

* Fix already loaded extension error

* Add tests for content scripts 'run_at' options

* Catch script injection eval error when CSP forbids it

This can occur in a rendered sandbox when a CSP is enabled. We'll need to switch to using isolated worlds to fix this.

* Fix content script tests not properly cleaning up extensions

* Fix lint and type errors
2019-03-07 16:00:28 -08:00
Milan Burda
5791a2a9ec refactor: use ipcRendererUtils.invoke / ipcMainUtils.handle for desktopCapturer.getSources() (#16619) 2019-03-07 15:31:25 -08:00
Felix Rieseberg
f3fc4023cf refactor: Port renderer/web-view to TypeScript (#17250) 2019-03-07 15:26:23 -08:00
Milan Burda
bbd1ae315a refactor: use invoke/invokeSync helpers for <webview> implementation (#16784) 2019-03-01 13:33:03 -05:00
Felix Rieseberg
59a7fa6927 refactor: Port api/web-frame to TypeScript (#17053) 2019-03-01 08:39:04 +00:00
Milan Burda
5a99ea4c46 refactor: merge ipcMainUtils.handle / handleSync (#17062) 2019-02-26 15:48:26 -08:00
Felix Rieseberg
7f007109c3 refactor: Port inspector to TypeScript (#16943)
* refactor: Port inspector to TypeScript

* refactor: Add another type to inspector

* refactor: Use correct paths

* Update lib/renderer/inspector.ts

Co-Authored-By: felixrieseberg <felix@felixrieseberg.com>

* refactor: Implement feedback <3

* refactor: Don't define blob at all

* fix: Correct type
2019-02-25 18:10:25 -08:00
ZYSzys
a40d826b11 chore: remove unused catch bindings (#16121) 2019-02-21 09:26:07 +00:00
Felix Rieseberg
91f81b4b72 refactor: Port renderer/init to TypeScript (#17027)
* refactor: Port renderer/init to TypeScript

* Update lib/renderer/init.ts

Co-Authored-By: felixrieseberg <felix@felixrieseberg.com>

* refactor: Type this a bit more loosely

* refactor: Type parseOption strictly
2019-02-19 17:05:14 +00:00
Felix Rieseberg
2223114f20 refactor: Port chrome-api to TypeScript (#17014) 2019-02-19 13:09:44 +00:00
Samuel Attard
3b74837020 refactor: Split 'Event' docs/types into more specific Event types (#17038)
* Event = Base event type (with preventDefault)
* IpcMainEvent = Event that ipcMain emits (with sender, reply, etc.)
* IpcRendererEvent = Event that ipcRenderer emits (with sender,
senderId, etc.)
* KeyboardEvent = Event that we emit with keyboard flags (ctrlKey,
altKey, etc.)

This will dramatically improve peoples TS experience with IPC events
2019-02-19 09:24:19 +00:00
Felix Rieseberg
eaa0e28396 refactor: Port content-scripts-injector to TypeScript (#17012) 2019-02-18 12:47:07 +00:00
Felix Rieseberg
596acdcb91 refactor: Port web-frame-init to TypeScript (#16934)
* refactor: Port web-frame-init to TypeScript

* refactor: Use ipcRendererInternal
2019-02-18 00:24:18 +00:00
Felix Rieseberg
6b3ff4f1f7 refactor: Port security warnings to TypeScript (#16937)
* refactor: Port security-warnings to TypeScript

* chore: make aliasify work on .ts files as well

* refactor: Implement feedback <3

* refactor: Correctly call executeJavaScript
2019-02-16 17:06:30 -08:00
Felix Rieseberg
2498e8d1c2 refactor: Port renderer-internal to TypeScript (#16939)
* chore: make aliasify work on .ts files as well

* refactor: Port ipc-renderer-internal to TypeScript

* refactor: Correctly import internal ipcRenderer

* refactor: One more rename

* refactor: Fix one more lint issue

* refactor: Correctly reference ipcRendererInternal
2019-02-14 17:24:25 -08:00
Samuel Attard
5790869a3f
chore: refactor browser IPC into TS and app API into TS (#16921)
* chore: refactor browser IPC into typescript

* chore: refactor app.ts into Typescript

* Refactors app.dock into cpp
* Removes app.launcher which has not existed for 3 years
* Removes 2 deprecated APIs (that have been deprecated for more than one
major)
* Refactors deprecate.ts as well
2019-02-14 14:29:20 -08:00
deepak1556
606c84b302 Blink: Plumb correct security origin for isolated world CSPs.
https://chromium-review.googlesource.com/c/chromium/src/+/1395190
2019-02-14 23:59:22 +05:30
Stewart Lord
84ef9cae6c fix: send chrome.runtime/tabs.sendMessage result to correct sender (#16945)
Additionally, use `.once` instead of `.on` for result specific listeners.
2019-02-14 06:07:55 -10:00
Felix Rieseberg
31494dfade refactor: Port getRemote to TypeScript (#16938)
* chore: make aliasify work on .ts files as well

* refactor: Port getRemote to TypeScript

* refactor: Implement feedback <3
2019-02-14 04:04:53 -10:00
Felix Rieseberg
6cd75744ef refactor: Port window-setup to TS (#16894)
* refactor: Port window-setup to TS

* refactor: Make the linter happy

* refactor: Sneaky little TS error

* refactor: Correctly import window-setup

* refactor: Implement feedback <3

* refactor: Allow decorators in TS

* refactor: Use named windowSetup in isolatedRenderer

* refactor: Help TS understand

* refactor: Welp, use createEvent again

* refactor: Use the correct target in the decorator
2019-02-14 03:52:38 -10:00
Felix Rieseberg
9112ad01be refactor: Port renderer-internal-utils to TypeScript (#16942)
* chore: make aliasify work on .ts files as well

* refactor: Port renderer-internal-utils to TypeScript

* refactor: Implement feedback <3
2019-02-13 23:05:49 -08:00
Stewart Lord
228805353f fix: pass result to chrome.tabs.executeScript callback (#16941)
* fix: pass result to chrome.tabs.executeScript callback

Additionally, remove `nextId` counter in favor of `originResultID` counter which is more widely used in this file.

* fix: remove need for eslint override and better match style
2019-02-13 17:00:36 -08:00
Nitish Sakhawalkar
3dfef4a376 chore: Add new webFrame IsolatedWorldInfo API and deprecate (#16801)
* chore: Add new webFrame IsolatedWorldInfo API and deprecate

* Flag deprecated methods in documentation

* address comments

* Address review comments

* remove unused variable

* Update based on review
2019-02-13 08:05:28 -10:00
Samuel Maddock
8f6a543398 feat: add chrome.runtime.getManifest (#16891)
* feat: add chrome.runtime.getManifest

* Add test for chrome.runtime.getManifest

* Use IPC utils for getManifest internals
2019-02-13 07:16:12 -10:00
Milan Burda
36ce3e9546 feat: promisify webContents.printToPDF() (#16795) 2019-02-11 09:20:04 -10:00
Milan Burda
7a3d220347 refactor: implement Chrome Extension APIs without the remote module (#16686)
* refactor: implement Chrome Extension APIs without the remote module

* remove unused potentiallyRemoteRequire
2019-02-10 10:38:14 -08:00
Cheng Zhao
d16b581140 fix: remove memory leak when using webFrame and spell checker (#16770)
* fix: do not create native api::WebFrame in webFrame

When reloading a page without restarting renderer process (for example
sandbox mode), the blink::WebFrame is not destroyed, but api::WebFrame
is always recreated for the new page context. This leaves a leak of
api::WebFrame.

* fix: remove spell checker when page context is released
2019-02-08 13:38:31 -08:00
Milan Burda
1632c4b837 refactor: implement chrome.i18n.getMessage() without the remote module (#16739)
* refactor: implement chrome.i18n.getMessage() without the remote module

* replace navigator.language with app.getLocale()
2019-02-08 12:07:09 -08:00
Milan Burda
4211a9c69f refactor: use ipcRendererUtils.invokeSync / ipcMainUtils.handleSync (#16759) 2019-02-06 09:53:28 -08:00
Milan Burda
6d674eebb1 refactor: crashReporterInit (#16729) 2019-02-05 12:56:44 -08:00
Milan Burda
7dc565fc2e refactor: implement inspector APIs without the remote module (#16607) 2019-02-01 19:56:46 +01:00
Shelley Vohr
5a35c3a279
chore: fix promisify helper (#16544)
* chore: fix promise deprecation helper

* fix deprecations

* update deprecation tests
2019-01-25 14:23:24 -08:00
Milan Burda
713df08e3e chore: remove deprecated modules internally using remote.require in sandboxed renderer context (#15957) 2019-01-24 10:53:52 -08:00
Milan Burda
fef262f829 fix: check process.isMainFrame in sandboxed_renderer/init.js (#16500) 2019-01-24 10:53:16 -08:00
Milan Burda
cc90919384 refactor: pass internal flag via IPC message struct for consistency (#16490) 2019-01-23 08:24:57 -08:00
Samuel Attard
58a6fe13d6
feat: preloads and nodeIntegration in iframes (#16425)
* feat: add support for node / preloads in subframes

This feature has delibrately been built / implemented in such a way
that it has minimum impact on existing apps / code-paths.
Without enabling the new "nodeSupportInSubFrames" option basically none of this
new code will be hit.

The things that I believe need extra scrutiny are:

* Introduction of `event.reply` for IPC events and usage of `event.reply` instead of `event.sender.send()`
* Usage of `node::FreeEnvironment(env)` when the new option is enabled in order to avoid memory leaks.  I have tested this quite a bit and haven't managed to cause a crash but it is still feature flagged behind the "nodeSupportInSubFrames" flag to avoid potential impact.

Closes #10569
Closes #10401
Closes #11868
Closes #12505
Closes #14035

* feat: add support preloads in subframes for sandboxed renderers

* spec: add tests for new nodeSupportInSubFrames option

* spec: fix specs for .reply and ._replyInternal for internal messages

* chore: revert change to use flag instead of environment set size

* chore: clean up subframe impl

* chore: apply suggestions from code review

Co-Authored-By: MarshallOfSound <samuel.r.attard@gmail.com>

* chore: clean up reply usage

* chore: fix TS docs generation

* chore: cleanup after rebase

* chore: rename wrap to add in event fns
2019-01-22 11:24:46 -08:00
Samuel Attard
ff9b23ebe5
fix: dont run window-setup on chrome:// protocol, introduced in b965e54efc (#16489) 2019-01-22 10:32:18 -08:00
Milan Burda
6cba2c50a2 feat: make ipc-message and ipc-message-sync events public (#16468) 2019-01-22 08:47:58 -08:00
Milan Burda
b965e54efc fix: <webview> not working with contextIsolation + sandbox (#16469) 2019-01-22 10:08:16 +09:00
Shelley Vohr
441c9ce376
feat: promisify desktopCapturer.getSources (#16427)
* feat: promisify desktopCapturer.getSources

* fix doc

* fix docs lint error
2019-01-18 15:29:32 -08:00
Milan Burda
7d4a1223fd feat: add preload-error event to webContents (#16411) 2019-01-18 12:03:43 +01:00
Shelley Vohr
720197f9c8
fix: correctly handle IPC for promise-based methods (#16433) 2019-01-17 12:08:54 -08:00
Robo
52fe92d02e feat: Upgrade to Chromium 71.0.3578.98 (#15966) 2019-01-11 17:00:43 -08:00
Milan Burda
fade3eb679 chore: make "nodeIntegration" and "webviewTag" default to false (#16235) 2019-01-07 22:19:27 +03:00
Milan Burda
3f1d22759a refactor: use helpers for command-line parsing in renderer/init.js (#16239) 2019-01-03 11:22:34 -05:00
Milan Burda
547097b036 security: allow to block desktopCapturer.getSources() calls (#15964)
* security: allow to block desktopCapturer.getSources() calls

* return empty instead of error

* fix: release resources of DesktopCapturer on exit
2018-12-20 11:44:30 +09:00
Milan Burda
7a6fe00f49 chore: simplify code for modules internally using remote.require in sandbox (#16104) 2018-12-17 22:47:41 +03:00
Cheng Zhao
8584c2f14b
fix: register webview in main world when using contextIsolation (#16067) 2018-12-14 15:38:35 +09:00
Cheng Zhao
897c6e93cb chore: simplify main world setup of contextIsolation (#16046) 2018-12-13 16:25:12 -05:00
Milan Burda
c65a0d90b8 chore: misc cleanup (#16037) 2018-12-12 15:31:16 -06:00
Milan Burda
177091ca6f chore: rename nativeRequire to potentiallyRemoteRequire (#15971) 2018-12-06 18:12:50 -08:00
Milan Burda
ab2a061b59 refactor: use helpers when using the remote module in sandboxed renderers (#15960) 2018-12-05 10:07:32 -08:00
Milan Burda
d561c5531b feat: deprecate modules internally using remote.require in sandboxed renderer context (#15145) 2018-12-05 10:34:09 +01:00
Milan Burda
aa2b2f7c8f fix: security: don't allow arbitrary methods to be invoked on webContents via IPC (#15919) 2018-12-04 16:12:21 +01:00
Cheng Zhao
ca7dec2082 fix: default prop of location should be empty str 2018-12-04 17:11:26 +09:00
Cheng Zhao
fc4e10b6c0 fix: set setter of window.location 2018-12-04 16:23:52 +09:00
Anrock
e80e3a53e9 feat: introduce LocationProxy for BrowserWindowProxy 2018-12-04 16:23:52 +09:00
Julien Isorce
1f55f1635f feat: add support for DesktopCapturerSource.appIcon
Useful to get the icon of the application owning the source.
Only available for sources of type window, i.e. not for screen.

https://github.com/electron/electron/issues/14845
2018-12-04 15:42:49 +09:00
Milan Burda
8483cb4aa7 security: only handle related IPCs when <webview> tag is enabled (#15859)
* refactor: move guest-view-manager related IPC handling out of rpc-server

* feat: only handle related IPCs when <webview> tag is enabled
2018-11-30 18:44:38 +09:00
Samuel Attard
fe8965efa2 fix: use sendToAll method correctly in chrome-api (#15518) 2018-11-01 07:16:49 -07:00
Cheng Zhao
a8f2646ba6 Fix missing remote object error when calling remote function created in preload script (#15444)
* fix: report wrong context error based on contextId

* fix: destroyed remote renderer warning is now async
2018-10-31 11:26:57 -04:00
Shelley Vohr
d21d83cfc8
fix: folder open not working in devtools (#15387) 2018-10-25 08:36:48 -07:00
Adam Meyer
d43ef97a7b add width to webview iframe (#15195) 2018-10-17 09:33:31 +09:00
Milan Burda
70c49b78ae fix: Memory > Profiles > Load in DevTools (#15151) 2018-10-14 17:30:49 +11:00
Milan Burda
d3efc52745 feat: add webPreferences.enableRemoteModule option (#13028) 2018-10-13 20:50:07 +03:00
Milan Burda
9177dbb584 refactor: use boolean for nodeIntegration / webviewTag (#15005) 2018-10-08 15:51:31 +02:00
Milan Burda
b50f86ef43 refactor: use separate ipc-renderer-internal / ipc-main-internal APIs for Electron internals (#13940) 2018-10-07 00:48:00 +13:00
Milan Burda
5efb0fdff1 feat: add security warnings to sandboxed renderers (#14869)
Also refactor not to use the remote module.
2018-10-03 21:36:12 +02:00
Milan Burda
3ad3ade828 refactor: add prefer-const to .eslintrc + fix errors (#14880) 2018-10-02 11:56:31 +10:00
Milan Burda
d48f9bcf7f refactor: implement <webview> methods via dedicated IPCs without the remote module (#14377) 2018-10-01 10:07:50 +09:00
Milan Burda
c61db523c7 refactor: replace var with const / let (#14866) 2018-09-29 09:17:00 +10:00
Milan Burda
b499d57cfd refactor: use error-utils for remote exception serialization / deserialization (#14788)
* refactor: use error-utils for remote exception serialization / deserialization

* fix internal process.type in sandboxed renderer
2018-09-26 15:44:55 +10:00
Samuel Attard
176a76217c
chore: have 'use strict' consistently across our lib files (#14721) 2018-09-23 00:28:50 +12:00
Samuel Attard
32a9df2940
refactor: clean up the default app implementation (#14719)
* Disable nodeIntegration
* Enable contextIsolation
* Re-implement the CSP security check to handle running in
contextIsolation
* Disable bad DCHECKS for the promise helper
* Remove the unused "-d" flag for the electron binary
* Added a way to hide the default help output for electron devs who
don't want to see it every time
2018-09-21 15:24:42 +10:00
Samuel Attard
54ef906832
[RFC] perf: use an internal module resolver to improve require performance (#14633)
* perf: use an internal module resolver instead of relative requires

* perf: memoize the results of getting exported Electron properties

* perf: make internal module changes consistent across sandboxed / bundled files
2018-09-20 13:43:26 +10:00
Samuel Attard
558fff69e7
chore: update to standard 12 2018-09-14 14:57:01 +10:00
Milan Burda
0821edc843 refactor: cleanup web-frame-init.js (#14516)
* refactor: add error-utils.js

* fix exception handling for asyncWebFrameMethods

* remove dead code

* handle exceptions

* rename rehydratedError to deserializedError

* Revert "handle exceptions"

This reverts commit 396b179948b137f9e525e9ebba4f7c6e9bf19429.
2018-09-11 19:56:00 +10:00
Milan Burda
38419e3a6a chore: address TODO for WebContents.prototype.setSize / reportRemovedAttribute removal (#14517)
* chore: remove WebContents.prototype.setSize

* chore: remove reportRemovedAttribute

* chore: remove unused fixtures
2018-09-11 17:58:57 +10:00
Cheng Zhao
92e094c5f6 fix: manually manage WebContents of webview when it is detached 2018-09-07 15:47:58 +09:00
Charles Kerr
c5820bfabb
fix: don't use deprecated fstatNoException API (#14463) 2018-09-06 13:06:32 -05:00
Cheng Zhao
10176c71ff
fix: webview.focus() should move page focus to webview (#14427) 2018-09-03 11:41:54 +09:00
Cheng Zhao
0ecea96048 fix: use flexbox to style webview (#14400)
* fix: use flexbox to style webview

* docs: remove notes on browserplugin based webview
2018-09-01 08:53:13 +12:00
Milan Burda
3a79eacb6f refactor: don't expose CallbacksRegistry as an internal module (#14389) 2018-08-31 11:29:00 -07:00
Samuel Attard
1b7418fb7b
Revert "sec: deprecate some webPreference defaults to be secure-by-default (#14284)" (#14380)
This reverts commit 66d6ba8689.
2018-08-30 09:57:49 +12:00
Samuel Attard
66d6ba8689 sec: deprecate some webPreference defaults to be secure-by-default (#14284)
* feat: deprecate default value of nodeIntegration

* Use DeprecationStatus::Stable as the default instead of shadowing

* change wording of deprecations

* chore: also deprecate kWebviewTag and kContextIsolation

* chore: do as we preach, lets be secure-by-default in the default app
2018-08-29 13:14:04 -05:00
John Kleinschmidt
865435c491
Merge pull request #14287 from electron/miniak/ipc-refactoring
refactor: move common logic to handleRemoteCommand (rpc-server.js)
2018-08-28 17:06:38 -04:00
Cheng Zhao
459a2304b4 fix: emit focus/blur events for webview (#14344)
* fix: emit focus/blur events for webview

* test: webview can emit focus event
2018-08-28 13:35:44 -05:00
Milan Burda
28e4fcea3b refactor: move common logic to handleRemoteCommand 2018-08-27 21:06:03 +02:00
Milan Burda
c23e7fa101 refactor: implement ipcRenderer.sendTo in native code for better performance (#14285) 2018-08-24 14:14:39 -07:00
Cheng Zhao
6736d4ef29
fix: do not bubble up resize event from webview (#14271) 2018-08-23 15:42:35 +09:00
Cheng Zhao
cd8bb1d3b4
chore: print error when removed webview attribute is used (#14230)
* chore: print error when removed webview attribute is used

* docs: document removed webview features
2018-08-23 10:45:43 +09:00
Cheng Zhao
dd5b8769be fix: use OOPIF for webview tag (#13869)
* fix: use OOIF for webview tag

* fix: do not call GetNativeView for webview

* fix: OOIPF webview's WebContents is managed by embedder frame

* fix: guest view can not be focused

* fix: clear zoom controller when guest is destroyed

* fix: implement the webview resize event

The webview is no longer a browser plugin with the resize event, use
ResizeObserver instead.

* test: disable failed tests due to OOPIF webview

* fix: embedder can be destroyed earlier than guest

This happens when embedder is manually destroyed.

* fix: don't double attach

* fix: recreate iframe when webview is reattached

* fix: resize event may happen very early

* test: some tests are working after OOPIF webview

* chore: remove unused browser plugin webview code

* fix: get embedder via closure

When the "destroyed" event is emitted, the entry in guestInstances would be
cleared.

* chore: rename browserPluginNode to internalElement

* test: make the visibilityState test more robust

* chore: guestinstance can not work with OOPIF webview

* fix: element could be detached before got response from browser
2018-08-16 15:57:40 -07:00
Charles Kerr
29f07889e6
feat: add location url to "Node.js Integration with Remote Content" warning (#13973)
* docs: fix typo

* feat: add location url to Node+Remote warning
2018-08-07 20:40:21 -05:00
Cheng Zhao
305e3aad40
refactor: remove private webContents.getId() API (#13674) 2018-07-23 18:08:36 +09:00
Cheng Zhao
9d6f1a372e
fix: create WebContents for webview on request (#13713) 2018-07-21 11:11:28 +09:00
Cheng Zhao
e2029435c4 fix: use context counter as contextId
For sandboxed renderer it may not have a node::Environment in the context,
using a increasing counter as contextId works for all cases.
2018-07-19 11:00:10 -07:00
Shelley Vohr
6045d1218a
refactor: remove experimentalCanvasFeatures property (#13684) 2018-07-16 13:32:42 -07:00
Felix Rieseberg
deedf6c3f4 feat: Add isCurrentlyAudible() to WebContents (#13614)
* 🔧 Add isCurrentlyAudible() to WebContents

* ❤️ Implement feedback, use await to wait for event

* 👷 Add missing imports
2018-07-12 21:35:11 +10:00
Cheng Zhao
4cdb1b8fc3 fix double-freeing remote references
After the page does navigations, garbage collection can still happen in
the old context. This commit changes to store references to remote objects
by _pages_, instead of by _WebContents_.
2018-07-12 10:44:26 +09:00
deepak1556
7b47d69efe Remove did-get-response-details and did-get-redirect-request events
https://chromium-review.googlesource.com/c/chromium/src/+/805008
https://chromium-review.googlesource.com/c/chromium/src/+/786320
2018-06-19 11:49:41 +10:00
Alexey Kuzmin
dee9aef975 Add "enable_desktop_capturer" build flag (#13133)
* Make it possible to disable a module for a renderer

* Put DesktopCapturer API under a build flag

The name is "enable_desktop_capturer".
Enabled by default.
2018-06-13 11:15:34 -05:00
Thiago de Arruda
6ff111a141 perf: don't use JSON to send the result of ipcRenderer.sendSync. (#8953)
* Don't use JSON to send the result of `ipcRenderer.sendSync`.

- Change the return type of AtomViewHostMsg_Message_Sync from `base::string16`
  to `base::ListValue`
- Adjust lib/browser/api/web-contents.js and /lib/renderer/api/ipc-renderer.js
  to wrap/unwrap return values to/from array, instead of
  serializing/deserializing JSON.

This change can greatly improve `ipcRenderer.sendSync` calls where the return
value contains Buffer instances, because those are converted to Array before
being serialized to JSON(which has no efficient way of representing byte
arrays).

A simple benchmark where remote.require('fs') was used to read a 16mb file got
at least 5x faster, not to mention it used a lot less memory.  This difference
tends increases with larger buffers.

* Don't base64 encode Buffers

* Don't allocate V8ValueConverter on the heap

* Replace hidden global.sandbox with NodeBindings::IsInitialized()

* Refactoring: check NodeBindings::IsInitialized() in V8ValueConverter

* Refactor problematic test to make it more reliable

* Add tests for NaN and Infinity
2018-06-13 17:38:31 +10:00
Charles Kerr
b89fe86fa1
Merge pull request #13050 from electron/3.0.0-deprecations
chore: removal of 3.0.0 deprecations
2018-05-30 09:25:36 +02:00
Milan Burda
4cfe5ecaa4 add proper support for typed arrays in remote (#13055) 2018-05-24 21:05:46 +09:00
Shelley Vohr
322a303683
address changes from review 2018-05-23 15:57:58 -07:00
Shelley Vohr
5f5322c64e
rename blinkFeatures to enableBlinkFeatures 2018-05-23 14:01:34 -07:00
Thiago de Arruda
6f076f7433 Refactor sandbox preload initialization. (#12877)
Use a single synchronous IPC call to retrieve data required by early
sandbox scripts. This has two purposes:

- Optimize preload script initialization by:
  - Using one synchronous IPC call to retrieve preload script,
  webContentsId (more on that later), process.{platform,execPath,env}
  - Lazy loading as many modules as possible.
- Fix #12316 for sandbox. @MarshallOfSound addressed the issue in
  #12342, but it was still present in sandbox mode. By loading
  webContentsId very early and skipping remote module at early
  startup, we fix it for sandbox.
2018-05-21 22:56:05 +10:00
biuuu
86d023b02f fix: listeners out of limit warning (#12841)
When the Chrome Extension has too many content scripts (above default
10 counts), there will be a warning: possible EventEmitter memory leak
detected. 11 listeners added.
2018-05-08 14:10:11 +09:00
bughit
55a7f6f0ce add did-frame-navigate event to WebContents (#12723)
* add did-frame-navigate event to WebContents, pass http response code to it and did-navigate

* docs for frame routing id related api changes on WebFrame and WebContents
2018-05-01 13:34:41 +09:00
bughit
4fcd178c36 expose WebFrame#routingId (#12614)
* expose WebFrame#routingId and pass it to WebContents frame specific events along with frameProcessId; add WebContets.did-start-navigation event
* fix compilation error on ia32 Windows
2018-04-26 19:17:55 +09:00
Tatsuya Hiroishi
9c65abd746 handle remote exception (#12694)
* add cause property to exception in callFunction

* update exceptionToMeta function

* add sender argument
* and cause property to return value

* update exception convert in metaToValue function

* add from and cause properties to the exception error

* unit test for remote exception
2018-04-24 08:40:19 -04:00
Nitish Sakhawalkar
2579071b98 Deprecate did-get-response-details and did-get-redirect-request (#12615)
* Deprecate webContents events did-get-response-details and did-get-redirect-request.

* Update guest view files

* Update webview tag docs and update specs

* Update deprecate.event function

* Update comment

* Update more

* Update documentation for other deprecated event
2018-04-23 14:46:12 -05:00
Jeremy Apthorp
97fb15ac49 Enable WebFrame method forwarding in sandboxed renderers (#12538)
* Enable WebFrame method forwarding in sandboxed renderers

Fixes #9073

* Non-change to kick CI
2018-04-12 11:57:40 +10:00
Andrew MacDonald
6bfb122cd1 Add a display_id parameter to the desktopCapturer API. (#12417)
* Add a screen_api_id parameter to the desktopCapturer API.

When using the DirectX capturer on Windows, there was previously no way
to associate desktopCapturer/getUserMedia and electron.screen API
screens. This new parameter provides the association.

* Fix non-Windows build.

* Fix Mac.

* Fix Mac harder.

* JS lint

* clang-format C++ code.

* IWYU

* display_id, Linux comment, better test

* lint

* Fix tests on Linux.

* Add display_id documentation.
2018-04-09 14:43:35 +09:00
Samuel Attard
0ac883c6d4
Remove the race condition between new process creation and context release (#12342)
* Remove the race condition between new process creation and old process releasing remote context

Previously there was a race condition where the getId() method would return the new context ID even
though the release was for the old context.  This changes it to send the "initial" context ID with
the release message to ensure there is no race.

* fetch context ID from remote in sandbox mode
2018-03-20 15:54:47 +11:00
Felix Rieseberg
243ab45111 🔧 Fix security warning (#12309) 2018-03-16 06:21:38 +09:00
Charles Kerr
c2673aa970 Set appropriate defaults for webview options (#12271)
* Persist defaults to webPreferences object to JS land can read the inferred values instead of just user defined values

* Test inherited default propogation

* Refactor to remove coupling from fetching values and defaults

* Test description type

* Fix up tests
2018-03-15 13:56:46 +09:00
Shelley Vohr
9aeb61181a Fix require on network share path (#12282)
* first pass at server/network require fix

* refactor for clarity
2018-03-15 11:45:13 +09:00
Felix Rieseberg
71795ecc62 fix: Incorrect warnings in webviews (#12234)
* 🔧 Get correct webContents

* 🔧 Err, webPreferences
2018-03-13 10:55:32 +09:00
Samuel Attard
795447f61a Implement dialog (alert/confirm) blocking as a user switch after the first dialog
* This is to enable more browser-like behavior so that users who run third-party code
  will not be DOS'ed with alerts and confirms.  This is already handled like this
  in most major browsers so this will greatly help these developers
2018-03-06 11:19:15 +09:00
John Kleinschmidt
2a97e48465
Merge pull request #11968 from electron/refactor-menu-popup
Refactor menu.popup
2018-02-21 14:29:52 -05:00
Charles Kerr
708f39a1a5 update a few menu.popup() calls to use the new API 2018-02-20 14:02:24 -06:00
Shelley Vohr
211b542ae4
remove setZoomLevelLimits 2018-02-20 08:57:48 -05:00
Felix Rieseberg
d586ef2f39 feature: Hot security tips (#11810)
* 🔧 Add security issue detection (and logs)

* 🔧 Check for it on load

* 👷 Add some tests

* 👷 Make the linter happy

* 🔧 Allow them to be enabled by force

* 📝 Make message slightly prettier

* 🔧 Fix a typo in the code comment

* 🔧 Classic mistake

* 🚀 Optimize things a bit more

* 👷 Add tests, fix tests

* 📝 Document things

* 🔧 Make linter happy

* 🔧 One more piece of cleanup
2018-02-03 07:50:12 -07:00
Shelley Vohr
b74304145e
createShadowRoot => attachShadow 2018-01-31 19:29:23 -05:00
Zhuo Lu
d45914c3f7 MenuItem roles camelCase-compatible 2017-12-28 13:28:20 +08:00
Cheng Zhao
cb3a9c69ab Add a SessionPreferences to manage session related data
By design the BrowserClient should not be aware of the api:: classes.
2017-12-05 15:59:15 +09:00
Samuel Attard
d9359d8b6c s/global/session in constants 2017-12-05 11:35:53 +09:00
Samuel Attard
d2707315e6 s/global/session 2017-12-05 11:35:53 +09:00
Samuel Attard
0ddd078aaf Add ability to set global preload scripts 2017-12-05 11:35:27 +09:00
Cheng Zhao
59476f0b30 Create webContents for webview even when src is not set 2017-12-01 10:35:23 +09:00
Felix Rieseberg
f7d6e3fa7b 🔧 Disable standard/no-callback-literal where necessary 2017-11-23 13:53:03 -08:00
Charles Kerr
5eb00e45aa
Merge pull request #11158 from electron/execute-errors
fix: Pass on errors thrown in `executeJavaScript`
2017-11-20 09:14:05 -06:00
Ronald Eddy
14c6e78147 Update electron.atom.io -> electronjs.org
Update electron.atom.io -> electronjs.org to reduce redirects and speed navigation.
2017-11-19 04:01:33 -08:00
Felix Rieseberg
1dea186a6e :thinking_face: What if you could return an Error? 2017-11-18 00:50:53 -08:00
Shelley Vohr
8736a41cfb
Merge pull request #10909 from electron/update_remote
Simplify and remove excess code from remote module
2017-11-03 09:16:28 -04:00
Shelley Vohr
803fa35484
fix null value check 2017-11-03 08:47:21 -04:00
Shelley Vohr
2b2c7d7f9f
fix object serialization test issue 2017-11-02 21:29:17 -04:00
Shelley Vohr
5c318932c2
add some structural changes 2017-11-02 21:07:40 -04:00
Charles Kerr
1c09dede1a singletons that are retroactively turned into EventEmitters should call the EventEmitter ctor 2017-11-01 23:05:27 -05:00
John Kleinschmidt
beb06c0787 Merge pull request #10537 from qazbnm456/improve-content_scripts.css
[Security] Use textContent instead innerHTML to remediate DOM based XSS
2017-10-26 11:51:43 -04:00
Shelley Vohr
5f6f117bad
changes from review 2017-10-25 23:41:11 -04:00
Shelley Vohr
d4880b135a
revert ipc lookup table 2017-10-25 15:36:16 -04:00
Shelley Vohr
c0f2a7b44a
fix standard issues 2017-10-25 09:56:02 -04:00
Shelley Vohr
f129622446
clean up remote 2017-10-25 09:51:21 -04:00
Shelley Vohr
7593bec687
update reviewed items 2017-10-24 19:36:06 -04:00
Shelley Vohr
b58ceae69c
appease linter gods 2017-10-24 12:28:15 -04:00
Shelley Vohr
43e118fe45
update desktop capturer and remove unnessary vars 2017-10-24 12:01:51 -04:00
Felix Rieseberg
2bd8877be3 🔧 String comparison 2017-10-07 08:26:32 -07:00
Felix Rieseberg
63749e281d 🔧 Linters gotta lint 2017-10-06 13:36:54 -07:00
Felix Rieseberg
11ac780caf 🔧 Add security warning 2017-10-06 13:02:54 -07:00
Boik
16499358b3 fix lint 2017-09-17 14:09:12 +08:00
Boik
d86724f17a code improvement 2017-09-17 13:56:22 +08:00
Boik
26e6f2c46c use textContent instead innerHTML to remediateDOM based XSS vulnerbilities 2017-09-17 11:27:03 +08:00
Alexandre Lachèze
e1a232e7c8 Add support for css in content_scripts 2017-09-14 17:23:33 +09:00
Cheng Zhao
bd87982b5c Merge pull request #10075 from alexstrat/fix/fix-content_scripts-match
Fix content scripts matches
2017-07-24 15:27:55 +09:00
Cheng Zhao
25f168cecb Merge pull request #9951 from alexstrat/fix-chrome-storage
Fix chrome storage access scope
2017-07-24 14:01:15 +09:00