* refactor: use mojo for electron internal IPC
* add sender_id, drop MessageSync
* remove usages of AtomFrameMsg_Message
* iwyu
* first draft of renderer->browser direction
* refactor to reuse a single ipc interface
* implement TakeHeapSnapshot through mojo
* the rest of the owl^WtakeHeapSnapshot mojofication
* remove no-op overrides in AtomRendererClient
* delete renderer-side ElectronApiServiceImpl when its pipe is destroyed
* looks like we don't need to overlay the renderer manifest after all
* don't try to send 2 replies to a sync rpc
* undo changes to manifests.cc
* unify sandboxed + unsandboxed ipc events
* lint
* register ElectronBrowser mojo service on devtools WebContents
* fix takeHeapSnapshopt failure paths
* {electron_api => atom}::mojom
* add send_to_all to ElectronRenderer::Message
* keep interface alive until callback is called
* review comments
* use GetContext from RendererClientBase
* robustify a test that uses window.open
* MessageSync posts a task to put sync messages in the same queue as async ones
* add v8::MicrotasksScope and node::CallbackScope
* iwyu
* use weakptr to api::WebContents instead of Unretained
* make MessageSync an asynchronous message & use non-associated interface
* iwyu + comments
* remove unused WeakPtrFactory
* inline OnRendererMessage[Sync]
* cleanups & comments
* use helper methods instead of inline lambdas
* remove unneeded async in test
* add mojo to manifests deps
* add gn check for //electron/manifests and mojo
* don't register renderer side service until preload has been run
* update gn check targets list
* move interface registration back to RenderFrameCreated
* fix: ensure dots in content script patterns aren't used as wildcards
* chore: sanitise all regexp special chars
* chore: extract to helper
* chore: fixup helper
* Execute content script in isolated world
* Inject script into newly created extension worlds
* Create new content_script_bundle for extension scripts
* Initialize chrome API in content script bundle
* Define Chrome extension isolated world ID range
1 << 20 was chosen as it provides a sufficiently large range of IDs for extensions, but also provides a large enough buffer for any user worlds in [1000, 1 << 20).
Ultimately this range can be changed if any user application raises it as an issue.
* Insert content script CSS into document
This now avoids a script wrapper to inject the style sheet. This closely matches the code used by chromium in `ScriptInjection::InjectCss`.
* Pass extension ID to isolated world via v8 private
* feat: add support for content scripts 'all_frames' option
* merged content script tests
'all_frames' test now runs on all variants of sandbox/contentIsolation configurations :D
* Add content script injector to sandboxed renderer
* Fix 'getRenderProcessPreferences' binding to the wrong object
* Pass getRenderProcessPreferences to content-scripts-injector
* Emit document-start and document-end events in sandboxed renderer
* Use GetContext from RendererClientBase
* Prevent script context crash caused by lazily initialization
* Remove frame filtering logic for onExit callback
Since we're keeping track of which frames we've injected the bundle into, this logic is redundant.
* Add initial content script tests
* Add contextIsolation variants to content script tests
* Add set include
* Fix already loaded extension error
* Add tests for content scripts 'run_at' options
* Catch script injection eval error when CSP forbids it
This can occur in a rendered sandbox when a CSP is enabled. We'll need to switch to using isolated worlds to fix this.
* Fix content script tests not properly cleaning up extensions
* Fix lint and type errors
* refactor: Port inspector to TypeScript
* refactor: Add another type to inspector
* refactor: Use correct paths
* Update lib/renderer/inspector.ts
Co-Authored-By: felixrieseberg <felix@felixrieseberg.com>
* refactor: Implement feedback <3
* refactor: Don't define blob at all
* fix: Correct type
* refactor: Port renderer/init to TypeScript
* Update lib/renderer/init.ts
Co-Authored-By: felixrieseberg <felix@felixrieseberg.com>
* refactor: Type this a bit more loosely
* refactor: Type parseOption strictly
* refactor: Port security-warnings to TypeScript
* chore: make aliasify work on .ts files as well
* refactor: Implement feedback <3
* refactor: Correctly call executeJavaScript
* chore: make aliasify work on .ts files as well
* refactor: Port ipc-renderer-internal to TypeScript
* refactor: Correctly import internal ipcRenderer
* refactor: One more rename
* refactor: Fix one more lint issue
* refactor: Correctly reference ipcRendererInternal
* chore: refactor browser IPC into typescript
* chore: refactor app.ts into Typescript
* Refactors app.dock into cpp
* Removes app.launcher which has not existed for 3 years
* Removes 2 deprecated APIs (that have been deprecated for more than one
major)
* Refactors deprecate.ts as well
* refactor: Port window-setup to TS
* refactor: Make the linter happy
* refactor: Sneaky little TS error
* refactor: Correctly import window-setup
* refactor: Implement feedback <3
* refactor: Allow decorators in TS
* refactor: Use named windowSetup in isolatedRenderer
* refactor: Help TS understand
* refactor: Welp, use createEvent again
* refactor: Use the correct target in the decorator
* fix: pass result to chrome.tabs.executeScript callback
Additionally, remove `nextId` counter in favor of `originResultID` counter which is more widely used in this file.
* fix: remove need for eslint override and better match style
* chore: Add new webFrame IsolatedWorldInfo API and deprecate
* Flag deprecated methods in documentation
* address comments
* Address review comments
* remove unused variable
* Update based on review
* fix: do not create native api::WebFrame in webFrame
When reloading a page without restarting renderer process (for example
sandbox mode), the blink::WebFrame is not destroyed, but api::WebFrame
is always recreated for the new page context. This leaves a leak of
api::WebFrame.
* fix: remove spell checker when page context is released
* feat: add support for node / preloads in subframes
This feature has delibrately been built / implemented in such a way
that it has minimum impact on existing apps / code-paths.
Without enabling the new "nodeSupportInSubFrames" option basically none of this
new code will be hit.
The things that I believe need extra scrutiny are:
* Introduction of `event.reply` for IPC events and usage of `event.reply` instead of `event.sender.send()`
* Usage of `node::FreeEnvironment(env)` when the new option is enabled in order to avoid memory leaks. I have tested this quite a bit and haven't managed to cause a crash but it is still feature flagged behind the "nodeSupportInSubFrames" flag to avoid potential impact.
Closes#10569Closes#10401Closes#11868Closes#12505Closes#14035
* feat: add support preloads in subframes for sandboxed renderers
* spec: add tests for new nodeSupportInSubFrames option
* spec: fix specs for .reply and ._replyInternal for internal messages
* chore: revert change to use flag instead of environment set size
* chore: clean up subframe impl
* chore: apply suggestions from code review
Co-Authored-By: MarshallOfSound <samuel.r.attard@gmail.com>
* chore: clean up reply usage
* chore: fix TS docs generation
* chore: cleanup after rebase
* chore: rename wrap to add in event fns
* Disable nodeIntegration
* Enable contextIsolation
* Re-implement the CSP security check to handle running in
contextIsolation
* Disable bad DCHECKS for the promise helper
* Remove the unused "-d" flag for the electron binary
* Added a way to hide the default help output for electron devs who
don't want to see it every time
* perf: use an internal module resolver instead of relative requires
* perf: memoize the results of getting exported Electron properties
* perf: make internal module changes consistent across sandboxed / bundled files
* feat: deprecate default value of nodeIntegration
* Use DeprecationStatus::Stable as the default instead of shadowing
* change wording of deprecations
* chore: also deprecate kWebviewTag and kContextIsolation
* chore: do as we preach, lets be secure-by-default in the default app
* fix: use OOIF for webview tag
* fix: do not call GetNativeView for webview
* fix: OOIPF webview's WebContents is managed by embedder frame
* fix: guest view can not be focused
* fix: clear zoom controller when guest is destroyed
* fix: implement the webview resize event
The webview is no longer a browser plugin with the resize event, use
ResizeObserver instead.
* test: disable failed tests due to OOPIF webview
* fix: embedder can be destroyed earlier than guest
This happens when embedder is manually destroyed.
* fix: don't double attach
* fix: recreate iframe when webview is reattached
* fix: resize event may happen very early
* test: some tests are working after OOPIF webview
* chore: remove unused browser plugin webview code
* fix: get embedder via closure
When the "destroyed" event is emitted, the entry in guestInstances would be
cleared.
* chore: rename browserPluginNode to internalElement
* test: make the visibilityState test more robust
* chore: guestinstance can not work with OOPIF webview
* fix: element could be detached before got response from browser
After the page does navigations, garbage collection can still happen in
the old context. This commit changes to store references to remote objects
by _pages_, instead of by _WebContents_.
* Make it possible to disable a module for a renderer
* Put DesktopCapturer API under a build flag
The name is "enable_desktop_capturer".
Enabled by default.
* Don't use JSON to send the result of `ipcRenderer.sendSync`.
- Change the return type of AtomViewHostMsg_Message_Sync from `base::string16`
to `base::ListValue`
- Adjust lib/browser/api/web-contents.js and /lib/renderer/api/ipc-renderer.js
to wrap/unwrap return values to/from array, instead of
serializing/deserializing JSON.
This change can greatly improve `ipcRenderer.sendSync` calls where the return
value contains Buffer instances, because those are converted to Array before
being serialized to JSON(which has no efficient way of representing byte
arrays).
A simple benchmark where remote.require('fs') was used to read a 16mb file got
at least 5x faster, not to mention it used a lot less memory. This difference
tends increases with larger buffers.
* Don't base64 encode Buffers
* Don't allocate V8ValueConverter on the heap
* Replace hidden global.sandbox with NodeBindings::IsInitialized()
* Refactoring: check NodeBindings::IsInitialized() in V8ValueConverter
* Refactor problematic test to make it more reliable
* Add tests for NaN and Infinity
Use a single synchronous IPC call to retrieve data required by early
sandbox scripts. This has two purposes:
- Optimize preload script initialization by:
- Using one synchronous IPC call to retrieve preload script,
webContentsId (more on that later), process.{platform,execPath,env}
- Lazy loading as many modules as possible.
- Fix#12316 for sandbox. @MarshallOfSound addressed the issue in
#12342, but it was still present in sandbox mode. By loading
webContentsId very early and skipping remote module at early
startup, we fix it for sandbox.
When the Chrome Extension has too many content scripts (above default
10 counts), there will be a warning: possible EventEmitter memory leak
detected. 11 listeners added.
* add did-frame-navigate event to WebContents, pass http response code to it and did-navigate
* docs for frame routing id related api changes on WebFrame and WebContents
* expose WebFrame#routingId and pass it to WebContents frame specific events along with frameProcessId; add WebContets.did-start-navigation event
* fix compilation error on ia32 Windows
* add cause property to exception in callFunction
* update exceptionToMeta function
* add sender argument
* and cause property to return value
* update exception convert in metaToValue function
* add from and cause properties to the exception error
* unit test for remote exception
* Add a screen_api_id parameter to the desktopCapturer API.
When using the DirectX capturer on Windows, there was previously no way
to associate desktopCapturer/getUserMedia and electron.screen API
screens. This new parameter provides the association.
* Fix non-Windows build.
* Fix Mac.
* Fix Mac harder.
* JS lint
* clang-format C++ code.
* IWYU
* display_id, Linux comment, better test
* lint
* Fix tests on Linux.
* Add display_id documentation.
* Remove the race condition between new process creation and old process releasing remote context
Previously there was a race condition where the getId() method would return the new context ID even
though the release was for the old context. This changes it to send the "initial" context ID with
the release message to ensure there is no race.
* fetch context ID from remote in sandbox mode
* Persist defaults to webPreferences object to JS land can read the inferred values instead of just user defined values
* Test inherited default propogation
* Refactor to remove coupling from fetching values and defaults
* Test description type
* Fix up tests
* This is to enable more browser-like behavior so that users who run third-party code
will not be DOS'ed with alerts and confirms. This is already handled like this
in most major browsers so this will greatly help these developers
* 🔧 Add security issue detection (and logs)
* 🔧 Check for it on load
* 👷 Add some tests
* 👷 Make the linter happy
* 🔧 Allow them to be enabled by force
* 📝 Make message slightly prettier
* 🔧 Fix a typo in the code comment
* 🔧 Classic mistake
* 🚀 Optimize things a bit more
* 👷 Add tests, fix tests
* 📝 Document things
* 🔧 Make linter happy
* 🔧 One more piece of cleanup
Chromium already includes the necessary plumbing to manage the
visibility properties and `visibilitychange` event so this gets rid of
most of our custom logic for `BrowserWindow` and `BrowserView`.
Note that `webview` remains unchanged and is still affected by the issues
listed below.
User facing changes:
- The `document` visibility properties and `visibilitychange` event are
now also updated/fired in response to occlusion changes on macOS. In
other words, `document.visibilityState` will now be `hidden` on macOS
if the window is occluded by another window.
- Previously, `visibilitychange` was also fired by *both* Electron and
Chromium in some cases (e.g. when hiding the window). Now it is only
fired by Chromium so you no longer get duplicate events.
- The visiblity state of `BrowserWindow`s created with `{ show: false }`
is now initially `visible` until the window is shown and hidden.
- The visibility state of `BrowserWindow`s with `backgroundThrottling`
disabled is now permanently `visible`.
This should also fix#6860 (but not for `webview`).
In addition to listening for "render-view-deleted", listen for
"ELECTRON_BROWSER_CONTEXT_RELEASE" synchronous message, which is sent by the
remote module when the page is about to be navigated.
This is required to allow child windows running in the same renderer to
correctly manage remote object references, since `render-view-deleted` is only
called when the renderer exits.
Close#9387