Commit graph

501 commits

Author SHA1 Message Date
Samuel Attard
0090616f7b
feat: add a new contextBridge module (#20307)
* feat: add a new contextBridge module

* chore: fix docs linting

* feat: add support for function arguments being proxied

* chore: ensure that contextBridge can only be used when contextIsolation is enabled

* docs: getReverseBinding can be null

* docs: fix broken links in md file

* feat: add support for promises in function parameters

* fix: linting failure for explicit constructor

* Update atom_api_context_bridge.cc

* chore: update docs and API design as per feedback

* refactor: remove reverse bindings and handle GC'able functions across the bridge

* chore: only expose debugGC in testing builds

* fix: do not proxy promises as objects

* spec: add complete spec coverage for contextBridge

* spec: add tests for null/undefined and the anti-overwrite logic

* chore: fix linting

* spec: add complex nested back-and-forth function calling

* fix: expose contextBridge in sandboxed renderers

* refactor: improve security of default_app using the new contextBridge module

* s/bindAPIInMainWorld/exposeInMainWorld

* chore: sorry for this commit, its a big one, I fixed like everything and refactored a lot

* chore: remove PassedValueCache as it is unused now

Values transferred from context A to context B are now cachde in the RenderFramePersistenceStore

* chore: move to anonymous namespace

* refactor: remove PassValueToOtherContextWithCache

* chore: remove commented unused code blocks

* chore: remove .only

* chore: remote commented code

* refactor: extract RenderFramePersistenceStore

* spec: ensure it works with numbered keys

* fix: handle number keys correctly

* fix: sort out the linter

* spec: update default_app asar spec for removed file

* refactor: change signatures to return v8 objects directly rather than the mate dictionary handle

* refactor: use the v8 serializer to support cloneable buffers and other object types

* chore: fix linting

* fix: handle hash collisions with a linked list in the map

* fix: enforce a recursion limit on the context bridge

* chore: fix linting

* chore: remove TODO

* chore: adapt for PR feedback

* chore: remove .only

* chore: clean up docs and clean up the proxy map when objects are released

* chore: ensure we cache object values that are cloned through the V8 serializer
2019-10-18 12:57:09 -07:00
Milan Burda
b29f0b9348 refactor: use Map for windowProxies in window-setup.ts (#20600) 2019-10-17 15:07:27 +02:00
Milan Burda
5273930f76 refactor: use Map for callbacks in CallbacksRegistry (#20565) 2019-10-15 09:14:41 -07:00
Milan Burda
b92163d226 refactor: take advantage of structured clone algorithm in the remote module (#20427) 2019-10-10 09:59:08 -04:00
Milan Burda
ccff140046 feat: add --enable-api-filtering-logging commandline switch (#20335) 2019-10-04 10:49:09 -07:00
Milan Burda
d090b0cd2d perf: only access remote module when <webview>.getWebContents() is called (#20272) 2019-09-20 08:54:16 -07:00
Milan Burda
11cd0db86b build: add enable_remote_module build flag (#19821) 2019-09-18 09:52:06 -07:00
Milan Burda
81e9dab52f refactor: replace ipcRendererUtils.invoke() with ipcRendererInternal.invoke() (#19574) 2019-08-23 15:45:50 -07:00
Milan Burda
7825d043f2 refactor: unify module-list format and exports/electron (#19697) 2019-08-23 11:18:58 +02:00
Cheng Zhao
49fe2604b3 Revert "fix: activate the uv_loop on incoming IPC messages (#19449)" (#19727)
This reverts commit 8028c57b42.
2019-08-13 14:03:25 -07:00
Milan Burda
3011a0f14f refactor: convert ipc-renderer.ts to TypeScript (#19556)
* refactor: convert ipc-renderer.ts to TypeScript

* Update typings/internal-ambient.d.ts

Co-Authored-By: Samuel Attard <sattard@slack-corp.com>
2019-08-02 14:35:04 -05:00
Jeremy Apthorp
c71cdce0b7
chore: disable JS impl when //extensions support is on (#19512) 2019-07-31 14:25:41 -07:00
Milan Burda
8a33118e36 fix: refactoring regression in LocationProxy (#19495) 2019-07-29 11:20:19 -07:00
Samuel Attard
8028c57b42
fix: activate the uv_loop on incoming IPC messages (#19449) 2019-07-25 13:10:14 -07:00
Milan Burda
c79613b037 chore: convert more files to TypeScript (#18820) 2019-07-17 10:23:52 -07:00
Samuel Attard
6d5e494782 fix: serialize messages being sent over chrome message ports (#19104)
Chrome appears to serialize these messages (see #19070) so we should as
well to be consistent and to avoid bugs with Uint8/16 arrays

Fixes #19070
2019-07-15 19:05:09 +09:00
Ian Sanders
079a173a72 feat: add stack trace log to preload script error handling (#18905)
* Add console.trace to preload script error handling

* Log error directly instead of error string + trace

* Log full error object instead of error message
2019-07-14 21:54:33 -07:00
Alexandre Lacheze
e26f366405 Revert: electron/electron#14487 (#19011) 2019-07-11 17:25:26 -05:00
Milan Burda
c756b955b3 fix: revert use of IPC helpers for history due to failing test (#19189) 2019-07-11 20:25:07 +03:00
Cheng Zhao
faa2710485 fix: do not wait on promise returned by remote APIs (#18990)
* fix: make <webview>.loadURL async

* docs: webview.loadURL returns Promise
2019-07-10 08:20:28 -05:00
Milan Burda
fdbb97e876 chore: update to latest TypeScript 3.5.2 (#19133) 2019-07-09 14:44:46 +03:00
Milan Burda
419ce494e9 refactor: use IPC helpers in window-setup (#17948) 2019-07-09 02:43:49 +03:00
Milan Burda
69369cf365 refactor: don't expose isPromise as an internal module (#19139) 2019-07-08 15:17:50 +09:00
Samuel Attard
5a1b661f42
fix: use bidning.ipc instead of binding.sendTo which is undefined (#19103) 2019-07-03 16:36:44 -07:00
Jerry Wu
dee331519c fix: disable nodeIntegration & insecure resource warnings for localhost (#18814)
* fix: disable remote host nodeIntegration warning for localhost

In warnAboutNodeWithRemoteContent(), add a check to see if the hostname
is "localhost" and prevent the warning message if it is.

* fix: disable loading insecure resources warning for localhost

In warnAboutInsecureResources(), filter out resources from localhost
since they are most likely not a threat.

* test: add tests for ignoring security warnings when using localhost

Add tests for ignoring warning messages for the following scenarios:
  1. node integration with remote content from localhost
  2. loading insecure resources from localhost

* test: fix insecure resource test

* test: pass nodeIntegration with remote test on did-finish-load

* test: maybe fix node integration test (error w/ conv circular struct)

* test: update test description

* test: use "load" event to check when nodeIntegration test has finished

Instead of relying on the "did-finish-load" event, which may result in
a race condition, add an "onload" handler that logs "loaded" to the
console. This will execute _after_ the nodeIntegration check, so it
can be safely used as a signal to indicate that the test is done.

* test: rename base-page-security-load-message.html

* fix: ignore enabled remote module warning for localhost

* refactor: add isLocalhost()
2019-07-02 19:36:50 +09:00
Samuel Attard
6eed4a98ce fix: do not remove node globals when context isolation is enabled (#18967) 2019-06-28 14:37:00 -07:00
David Sanders
6251a6d307 fix: typo in comment (#18899) 2019-06-20 10:11:38 -05:00
Milan Burda
4575a4aae3 Revert "feat: only allow bundled preload scripts (#17308)" (#18091)
This reverts commit 8cf15cc931.
2019-06-20 08:39:12 +09:00
Milan Burda
edb56500c7 refactor: piggy-back on ELECTRON_BROWSER_SANDBOX_LOAD to get content scripts (#18823) 2019-06-19 17:23:44 +02:00
Jerry Wu
d5811607eb fix: extra space in security warning message causing list misalignment (#18815) 2019-06-18 09:59:02 -07:00
Milan Burda
0af3548b55 feat: add security warning for remote module with remote content (#18822) 2019-06-17 14:21:30 -07:00
Milan Burda
c9bca78a7a refactor: use async invoke to get webPreferences in security-warnings.ts (#18821) 2019-06-17 10:57:09 -07:00
Milan Burda
deebde66f9 feat: make async webContents / <webview> methods return a Promise (#18792) 2019-06-17 12:10:02 +03:00
Milan Burda
370e9522b4 refactor: re-implement desktop-capturer in TypeScript (#18580) 2019-06-15 19:44:18 +09:00
Shelley Vohr
3309005325 chore: convert callbacks-registry to ts (#18682)
* chore: convert callbacks-registry to ts

* fix class import syntax

* move cb reg specs to spec-main
2019-06-15 17:18:25 +09:00
Shelley Vohr
ffb53405fb
chore: convert extension apis to TypeScript (#18688)
Converts extensions-related files to TS
2019-06-14 07:52:24 -07:00
Jeremy Apthorp
291ee2dafc
refactor: use the URL api to resolve urls in window setup (#18611) 2019-06-05 10:21:06 -07:00
Jeremy Apthorp
ed5fb4a720
refactor: simplify content script injection (#18532) 2019-06-04 16:07:34 -07:00
Samuel Attard
24b3d66767
refactor: remove electron.asar and embed JS in binary (#18577)
* refactor: remove electron.asar and embed JS in binary

* chore: update DEPS to merged node sha

* chore: remove unneeded eslint ignore
2019-06-03 17:03:59 -07:00
Samuel Attard
18acda7888
perf: lazily create the anchor tag used for URL resolving (#18571) 2019-06-03 01:04:21 -07:00
Samuel Attard
bc527f6b51
refactor: bundle the browser and renderer process electron code (#18553)
* refactor: bundle the browser and renderer process electron code

* Bundles browser/init and renderer/init
  * Improves load performance of main process by ~40%
  * Improves load performance of renderer process by ~30%
* Prevents users from importing our "requiring" our internal logic such
as ipc-main-internal.  This makes those message buses safer as they are
less accessible, there is still some more work to be done though to lock
down those buses completely.
* The electron.asar file now only contains 2 files, as a future
improvement maybe we can use atom_natives to ship these two files
embedded in the binary
* This also removes our dependency on browserify which had some strange
edge cases that caused us to have to hack around require-order and
stopped us using certain ES6/7 features we should have been able to use
(async / await in some files in the sandboxed renderer init script)

TLDR: Things are faster and better :)

* fix: I really do not want to talk about it

* chore: add performance improvements from debugging

* fix: resolve the provided path so webpack thinks it is absolute

* chore: fixup per PR review

* fix: use webpacks ProvidePlugin to keep global, process and Buffer alive after deletion from global scope for use in internal code

* fix: bundle worker/init as well to make node-in-workers work

* chore: update wording as per feedback

* chore: make the timers hack work when yarn is not used
2019-06-02 13:03:03 -07:00
Jeremy Apthorp
c436997840
feat: add ipcRenderer.invoke() (#18449) 2019-05-31 10:25:19 -07:00
Jeremy Apthorp
ca283c74c9 Merge remote-tracking branch 'origin/master' into roller/chromium-ad1b791122c04bd91b825fbfbdf1ff4da82a0edb-1558011686736 2019-05-21 10:07:17 -07:00
Milan Burda
af0ad4454e refactor: add invoke helpers in window-setup (#18233) 2019-05-18 20:52:29 +02:00
Nitish Sakhawalkar
cf5224140b Chrome changed the devtools url
chrome-devtools:// to devtools://
28b21a67f0
2019-05-17 16:16:25 -07:00
Milan Burda
019b31d084 chore: remove deprecated APIs (#18159) 2019-05-09 14:48:10 -04:00
Stewart Lord
d507ba68a7 fix: honor extensionId arg in chrome.runtime.connect (#16998)
The first argument to chrome.runtime.connect is extensionId, not connectInfo.
2019-05-02 11:42:04 +09:00
Milan Burda
6f5c850d60 refactor: add emitCustomEvent() helper (#17960) 2019-05-01 09:07:57 -04:00
Shelley Vohr
d87b3ead76 chore: remove promisification deprecation callbacks (#17907)
* chore: remove promisification deprecation callbacks

* update docs

* fix smoke test

* fix executejs issue

* cleanup leftovers

* fix webContents.executeJavaScript tests

* cleanup WebContents.prototype.takeHeapSnapshot

* fix "sets arbitrary webContents as devtools" test

* fix executeJavaScriptInFrame related tests
2019-04-30 07:08:32 -07:00
Cheng Zhao
a4fcc32799
feat: upgrade to Node 12 (#17838)
* fix: add boringssl backport to support node upgrade

* fix: Update node_includes.h, add DCHECK macros

* fix: Update node Debug Options parser usage

* fix: Fix asar setup

* fix: using v8Util in isolated context

* fix: make "process" available in preload scripts

* fix: use proper options parser and remove setting of _breakFirstLine

_breakFirstLine was being set on the process, but that has changed in node 12 and so is no longer needed. Node will handle it properly when --inspect-brk is provided

* chore: update node dep sha

* fix: process.binding => _linkedBinding in sandboxed isolated preload

* fix: make original-fs work with streams

* build: override node module version

* fix: use _linkedBinding in content_script/init.js

* chore: update node ref in DEPS

* build: node_module_version should be 73
2019-04-26 18:55:12 +09:00