fix: validate protocol scheme names in setAsDefaultProtocolClient
On Windows, `app.setAsDefaultProtocolClient(protocol)` directly
concatenates the protocol string into the registry key path with no
validation. A protocol name containing `\` could write to an arbitrary
subkey under `HKCU\Software\Classes\`, potentially hijacking existing
protocol handlers.
To fix this, add `Browser::IsValidProtocolScheme()` which validates that a protocol
name conforms to the RFC 3986 scheme grammar:
scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
This rejects backslashes, forward slashes, whitespace, and any other
characters not permitted in URI schemes.
* chore: bump chromium in DEPS to 146.0.7652.0
* fix(patch-conflict): update mas_avoid_private_macos_api_usage context for constrainFrameRect method
The upstream CL added a new constrainFrameRect:toScreen: method override to
NativeWidgetMacNSWindow as part of headless mode window zoom implementation.
The MAS patch's #endif for frameViewClassForStyleMask now correctly appears
after that method, since constrainFrameRect is a public API override that
doesn't need to be guarded.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7487666
* fix(patch-conflict): update printing.patch for base::DictValue rename
Updated printing.patch to use the new base::DictValue type name instead of
base::Value::Dict following Chromium's type renaming change. This affects
CompleteUpdatePrintSettings() signature and related code.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7509820
* fix(patch-conflict): update accessibility_ui patch for base::DictValue/ListValue rename
Updated adjust_accessibility_ui_for_electron.patch to use the new
base::DictValue and base::ListValue type names instead of base::Value::Dict
and base::Value::List following Chromium's type renaming change.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7509820
* chore: update patches
* 6625736: Rename DURABLE_STORAGE to PERSISTENT_STORAGE for consistency | https://chromium-review.googlesource.com/c/chromium/src/+/6625736
* chore: bump chromium in DEPS to 146.0.7653.0
* chore: update patches
* 7000847: add type tag to v8::External for gin_helper function templates
The upstream gin function templates now use v8::ExternalPointerTypeTag
for type safety when using v8::External. Updated Electron's forked
gin_helper function template to use the same kGinInternalCallbackHolderBaseTag
that Chromium's gin uses.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7000847
* fix(patch-update): extend V8 Object API deprecation patch for Node.js
Extended the existing patch to cover additional files that use
GetAlignedPointerFromInternalField and SetAlignedPointerInInternalField:
- src/stream_base-inl.h
- src/udp_wrap.cc
- src/js_udp_wrap.cc
- src/node_process_methods.cc
- src/node_snapshotable.cc
- src/base_object.cc
These APIs now require an EmbedderDataTypeTag parameter.
Ref: https://chromium-review.googlesource.com/c/v8/v8/+/7087956
* 7000847: add type tag to v8::External calls in shared_texture
Updated v8::External::New and v8::External::Value calls to use the
kExternalPointerTypeTagDefault tag as required by the V8 API change
that deprecates the tagless versions.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7000847
* 7508687: use ChildProcessId for file permission APIs
The ChildProcessSecurityPolicy::CanReadFile and GrantReadFile APIs
now require ChildProcessId instead of int. Updated to use GetID()
instead of GetDeprecatedID() for these specific calls.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7508687
* 7000847: add type tag to v8::External calls in callback and osr_converter
The v8::External API now requires an EmbedderPointerTypeTag parameter
for both New() and Value() methods to improve V8 sandbox type safety.
Updated calls in:
- callback.cc: TranslatorHolder constructor and CallTranslator
- osr_converter.cc: OffscreenSharedTextureValue converter
Ref: https://chromium-review.googlesource.com/c/v8/v8/+/7000847
* fixup! 7087956: [api] Promote deprecation of v8::Context and v8::Object API methods
Extended the Node.js patch to cover histogram.cc which also uses
SetAlignedPointerInInternalField and GetAlignedPointerFromInternalField
APIs that now require the EmbedderDataTypeTag parameter.
Ref: https://chromium-review.googlesource.com/c/v8/v8/+/7087956
* chore: bump chromium in DEPS to 146.0.7655.0
* chore: update patches
* 7509043: update WebSpellingMarker type for API change
The upstream Chromium API changed - WebSpellingMarker was moved from a
nested type within WebTextCheckClient to a standalone type in the blink
namespace.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7509043
* 7498491: update process_id to use OriginatingProcess type
The upstream Chromium API changed - URLLoaderFactoryParams::process_id
was changed from an integer to a union type network::OriginatingProcess
that distinguishes between browser and renderer processes.
- For browser process requests, use OriginatingProcess::browser()
- For renderer process lookups, check !is_browser() and use
renderer_process().value() to get the child_id
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7498491
* 5710330: Add crash keys to debug NativeWidgetMacNSWindowBorderlessFrame exception | https://chromium-review.googlesource.com/c/chromium/src/+/5710330
5710330 added a new NSNextStepFrame interface extension and
implementations for NativeWidgetMacNSWindowTitledFrame and
NativeWidgetMacNSWindowBorderlessFrame. These use private macOS APIs
that are not available in Mac App Store builds.
* chore: update patches
* chore: bump chromium in DEPS to 146.0.7661.0
* chore: bump chromium in DEPS to 146.0.7663.0
* fix(patch-conflict): update accessibility_ui for string_view API change
Upstream removed redundant std::string(default_api_type) conversion as part
of a string_view optimization cleanup. Updated patch context to match.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7514107
* fix(patch-conflict): update service process launch options for sandbox API refactor
Upstream removed content/common/sandbox_init_win.cc and
content/public/common/sandbox_init_win.h, moving the functionality directly
into ChildProcessLauncherHelper. Updated patch to call
sandbox::policy::SandboxWin::StartSandboxedProcess directly with the
LaunchOptions pointer instead of going through the removed helper.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7528253
* fix(patch-conflict): update MAS safestorage for keychain API refactor
Upstream refactored KeychainPassword::GetPassword() to use a new
GetPasswordImpl() helper function with improved error tracking via
base::expected<std::string, OSStatus>. Adapted patch to use the new
GetPasswordImpl with the suffixed account name and handle migration
from legacy accounts through the new API.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7516438
* chore: update patches
* chore: bump chromium in DEPS to 146.0.7663.0
* fix: base::Value::Dict -> base::DictValue
https://chromium-review.googlesource.com/c/chromium/src/+/7513889
* fix: include new cookie exclusion reason
https://chromium-review.googlesource.com/c/chromium/src/+/7486527
* fix: enable libc++ ABI flag for trivially copyable std::vector<bool>
Required for changes introduced in the following CL
https://chromium-review.googlesource.com/c/chromium/src/+/7513653
* fixup! fix: base::Value::Dict -> base::DictValue https://chromium-review.googlesource.com/c/chromium/src/+/7513889
* fix: spellcheck not working in tests
https://chromium-review.googlesource.com/c/chromium/src/+/7452579
* fix: cookie test failing due to multiple rejection reasons
https://chromium-review.googlesource.com/c/chromium/src/+/7506629
* fix: macos sizing unmaximized window incorrectly
https://chromium-review.googlesource.com/c/chromium/src/+/7487666
Changes to headless mode caused the unmaximized window to subtract
the height of the menubar.
* fix: skip tests for incompatible BoringSSL ML-DSA crypto
https://boringssl-review.googlesource.com/c/boringssl/+/84929
* test: fix pseudonymization registration in utility process on Linux
Ref: 7486913: Pass pseudonymization salt via shared memory at process launch | https://chromium-review.googlesource.com/c/chromium/src/+/7486913
* fix: restore MAS patch-outs
Restores some `#if !IS_MAS_BUILD()` gates dropped in 773054ad59
* fixup! 7508687: use ChildProcessId for file permission APIs
* fixup! fix(patch-conflict): update MAS safestorage for keychain API refactor
* chore: add note about parallel upstream change
* fixup! Merge remote-tracking branch 'origin/main' into roller/chromium/main
* Revert "fixup! 7508687: use ChildProcessId for file permission APIs"
This reverts commit 05c43e4e5d2e0017275d6399818cd8e8254f29a0.
The _impl version has the signature, but not the public interface. :oof:
* fixup! fix(patch-conflict): update MAS safestorage for keychain API refactor
---------
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Keeley Hammond <khammond@slack-corp.com>
Co-authored-by: Samuel Maddock <samuelmaddock@electronjs.org>
Co-authored-by: clavin <clavin@electronjs.org>
* refactor: avoid repeating the return type from the declaration; use a braced initializer list instead [modernize-return-braced-init-list]
* refactor: avoid repeating the return type from the declaration; use a braced initializer list instead [modernize-return-braced-init-list]
NB: using the braced-initializer list uncovered an error here:
the float returned by std::floor() can't be implicitly cast to
an int. This is solved by using base::ClampFloor<int>() instead.
std::floor()
* chore: avoid double-call to url.scheme() in WebContentsZoomController::SetZoomMode()
* perf: use gurl.scheme_piece() in GetAppInfoHelperForProtocol()
* perf: use gurl.scheme_piece() in Browser::GetApplicationNameForProtocol()
* refactor: add std::less<> to HandlersMap
This lets us search it using string_view keys
* refactor: ProtocolRegistry::FindRegistered() now takes a std::string_view
* perf: use gurl.scheme_piece() in InspectableWebContents::LoadNetworkResource()
* refactor: ProtocolRegistry::FindIntercepted() now takes a std::string_view
* perf: use gurl.scheme_piece() in SimpleURLLoaderWrapper::GetURLLoaderFactoryForURL()
* perf: use gurl.scheme_piece() in ProxyingURLLoaderFactory::CreateLoaderAndStart()
* perf: use gurl.host_piece() in ElectronWebUIControllerFactory::GetWebUIType()
* perf: use gurl.host_piece() in ElectronWebUIControllerFactory::CreateWebUIControllerForURL()
* refactor: move ReplyChannel into an anonymous namespace
* refactor: move ChunkedDataPipeReadableStream into an anonymous namespace
* refactor: move linux helpers into an anonymous namespace
* refactor: move linux helpers into an anonymous namespace
* fix: about panel is a base::Value::Dict
* nix this test for a diff PR
* what if the about dialog was not blocking
* add this test back in
* document synchronicity
* github editor is a fan of spaces
* chore: bump chromium in DEPS to a1ea0d7aedd6b5fe58fbabfa3b05aa8ee41304ff
* update patches
* update extensions code
* Remove WebPoint
https://chromium-review.googlesource.com/c/chromium/src/+/2007474
* fix build
* chore: bump chromium in DEPS to 9351e26c2a3714f8bbb10789c71bb51b0b494c75
* update patches
* Remove error description from the DidFailLoadWithError message
https://chromium-review.googlesource.com/c/chromium/src/+/2011280
* Make SimpleNetworkHintsHandlerImpl use the right NetworkIsolationKey
https://chromium-review.googlesource.com/c/chromium/src/+/1994430
* Rename libgtkui to gtk
https://chromium-review.googlesource.com/c/chromium/src/+/2011683
* [metrics] Remove histogram Startup.WarmStartTimeFromRemoteProcessStart*.
https://chromium-review.googlesource.com/c/chromium/src/+/2003211
* fix requestSingleInstanceLock test
* chore: bump chromium in DEPS to a813567a4f17ea08292c2b26fa10d0ffd47010d9
* chore: bump chromium in DEPS to f0aca2de536ceecd6eb66e928051d11e6d11991f
* chore: bump chromium in DEPS to 865556af6d0c9d990f5b1816cb792f7c3859667b
* chore: bump chromium in DEPS to 98538fdd28c4b6692e4cc2839729bb7ac009586a
* update patches
* fix broken tests
* Update node tests for v8 changes
* Update node patches for test failures
* Update for number of tests
Co-authored-by: Jeremy Apthorp <nornagon@nornagon.net>
Co-authored-by: John Kleinschmidt <jkleinsc@github.com>
* Add GetApplicationNameForProtocol.
* Fix Windows implementation.
* Fix up test.
* Add documentation.
* Implement for real on Linux using xdg-mime.
Also ensure we allow blocking calls here to avoid errant DCHECKing.
* Improve docs for Linux.
* Clean up tests.
* Add a note about not relying on the precise format.
* Update docs/api/app.md
Co-Authored-By: Shelley Vohr <codebytere@github.com>
* Remove needless `done()`s from tests.
* Use vector list initialization.
* Add a simple test for isDefaultProtocolClient.
* Remove unneeded include and skip a test on Linux CI.
* We no longer differentiate between CI and non-CI test runs.
* refactor: move the arg instead of const reference it
* refactor: avoid unnecessary copies of base::Value in arg
* refactor: pass-by-value in dict_util
* refactor: avoid unnecessary reference
* refactor: remove direct uses of event_emitter_deprecated.h
* refactor: remove event_emitter_deprecated.h in api::App
* refactor: use std::move to save a copy
* fix: windows and linux builds
* refactor: fix clang-tidy vector operation warnings
Fix vector population performance-inefficient-vector-operation warnings
generated by clang-tidy
* refactor: fix clang-tidy emplace_back warnings
In cases where a temporary is created to be passed
to push_back(), replace it with emplace_back().
Warning: modernize-use-emplace
* refactor: fix clang-tidy loop iteration warnings
When practical, use range-based for loops instead of C-style for loops.
clang-tiny check: modernize-loop-convert
* refactor: fix clang-tidy string initialize warning
Remove redundant empty string initialization.
clang-tidy check: readability-redundant-string-init
* feat: show optional authors in gtk about panel
* chore: use a base::Value for about dialog options on Linux
* docs: mark 'version' as supported on Linux too
