* test: drop the now-empty remote runner from CI
* move fixtures to spec-main
* remove remote runner
* fix stuff
* remove global-paths hack
* move ts-smoke to spec/
* fix test after merge
* rename spec-main to spec
* no need to ignore spec/node_modules twice
* simplify spec-runner a little
* no need to hash pj/yl twice
* undo lint change to verify-mksnapshot.py
* excessive ..
* update electron_woa_testing.yml
* don't search for test-results-remote.xml
it is never produced now
* feat: enable context isolation by default
* chore: set default in ctx iso getter
* spec: make all specs work with the new contextIsolation default
* spec: fix affinity specs
* spec: update tests for new ctx iso default
* spec: update tests for new ctx iso default
* spec: update tests for new ctx iso default
* spec: update tests for new ctx iso default
* chore: move stray prod deps to dev deps
* spec: update tests for new ctx iso default
* turn off contextIsolation for visibility tests
* turn off contextIsolation for <webview> tag nodeintegration attribute loads native modules when navigation happens
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
* feat: add worldSafe flag for executeJS results
* chore: do not log warning for webContents.executeJS
* Apply suggestions from code review
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
* chore: apply PR feedback
* chore: split logic a bit
* chore: allow primitives through the world safe checl
* chore: clean up per PR feedback
* chore: flip boolean logic
* chore: update per PR feedback
* chore: fix typo
* chore: fix spec
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
* refactor: port window.open and window.opener to use ctx bridge instead of hole punching
* refactor: only run the isolated init bundle when webview is enabled
* fix: restore parts of original ResourceRequestBody V8 conversion
Restore some of the original conversion logic in order to fix target=_blank post form submissions.
* test: add test for POST form submission
* fix: explicitly resize the contents when exiting html fullscreen while in OS fullscreen
* test: ensure HTML fullscreen toggles while in OS fullscreen
* refactor: use v8 serialization for ipc
* cloning process.env doesn't work
* serialize host objects by enumerating key/values
* new serialization can handle NaN, Infinity, and undefined correctly
* can't allocate v8 objects during GC
* backport microtasks fix
* fix compile
* fix node_stream_loader reentrancy
* update subframe spec to expect undefined instead of null
* write undefined instead of crashing when serializing host objects
* fix webview spec
* fix download spec
* buffers are transformed into uint8arrays
* can't serialize promises
* fix chrome.i18n.getMessage
* fix devtools tests
* fix zoom test
* fix debug build
* fix lint
* update ipcRenderer tests
* fix printToPDF test
* update patch
* remove accidentally re-added remote-side spec
* wip
* don't attempt to serialize host objects
* jump through different hoops to set options.webContents sometimes
* whoops
* fix lint
* clean up error-handling logic
* fix memory leak
* fix lint
* convert host objects using old base::Value serialization
* fix lint more
* fall back to base::Value-based serialization
* remove commented-out code
* add docs to breaking-changes.md
* Update breaking-changes.md
* update ipcRenderer and WebContents docs
* lint
* use named values for format tag
* save a memcpy for ~30% speedup
* get rid of calls to ShallowClone
* extra debugging for paranoia
* d'oh, use the correct named tags
* apparently msstl doesn't like this DCHECK
* funny story about that DCHECK
* disable remote-related functions when enable_remote_module = false
* nits
* use EnableIf to disable remote methods in mojom
* fix include
* review comments
* fix: don't handle browser messages before document element is created
* fix: bind ElectronApiServiceImpl later
DidCreateDocumentElement is called before the ElectronApiServiceImpl
gets bound.
* chore: add comment
* fix: disable remote host nodeIntegration warning for localhost
In warnAboutNodeWithRemoteContent(), add a check to see if the hostname
is "localhost" and prevent the warning message if it is.
* fix: disable loading insecure resources warning for localhost
In warnAboutInsecureResources(), filter out resources from localhost
since they are most likely not a threat.
* test: add tests for ignoring security warnings when using localhost
Add tests for ignoring warning messages for the following scenarios:
1. node integration with remote content from localhost
2. loading insecure resources from localhost
* test: fix insecure resource test
* test: pass nodeIntegration with remote test on did-finish-load
* test: maybe fix node integration test (error w/ conv circular struct)
* test: update test description
* test: use "load" event to check when nodeIntegration test has finished
Instead of relying on the "did-finish-load" event, which may result in
a race condition, add an "onload" handler that logs "loaded" to the
console. This will execute _after_ the nodeIntegration check, so it
can be safely used as a signal to indicate that the test is done.
* test: rename base-page-security-load-message.html
* fix: ignore enabled remote module warning for localhost
* refactor: add isLocalhost()
* fix: emit IPC event in correct context if isolation and sandbox enabled
IPC events were not being delivered to renderer processes when both
`contextIsolation` and `sandbox` were enabled. This is because the
`AtomSandboxedRenderFrameObserver` class was incorrectly using the
`MainWorldScriptContext`, rather than conditionally selecting the
context based on if isolation was enabled.
Fixes#11922
