Commit graph

341 commits

Author SHA1 Message Date
John Kleinschmidt
beb06c0787 Merge pull request #10537 from qazbnm456/improve-content_scripts.css
[Security] Use textContent instead innerHTML to remediate DOM based XSS
2017-10-26 11:51:43 -04:00
Shelley Vohr
5f6f117bad
changes from review 2017-10-25 23:41:11 -04:00
Shelley Vohr
d4880b135a
revert ipc lookup table 2017-10-25 15:36:16 -04:00
Shelley Vohr
c0f2a7b44a
fix standard issues 2017-10-25 09:56:02 -04:00
Shelley Vohr
f129622446
clean up remote 2017-10-25 09:51:21 -04:00
Shelley Vohr
7593bec687
update reviewed items 2017-10-24 19:36:06 -04:00
Shelley Vohr
b58ceae69c
appease linter gods 2017-10-24 12:28:15 -04:00
Shelley Vohr
43e118fe45
update desktop capturer and remove unnessary vars 2017-10-24 12:01:51 -04:00
Felix Rieseberg
2bd8877be3 🔧 String comparison 2017-10-07 08:26:32 -07:00
Felix Rieseberg
63749e281d 🔧 Linters gotta lint 2017-10-06 13:36:54 -07:00
Felix Rieseberg
11ac780caf 🔧 Add security warning 2017-10-06 13:02:54 -07:00
Boik
16499358b3 fix lint 2017-09-17 14:09:12 +08:00
Boik
d86724f17a code improvement 2017-09-17 13:56:22 +08:00
Boik
26e6f2c46c use textContent instead innerHTML to remediateDOM based XSS vulnerbilities 2017-09-17 11:27:03 +08:00
Alexandre Lachèze
e1a232e7c8 Add support for css in content_scripts 2017-09-14 17:23:33 +09:00
Cheng Zhao
bd87982b5c Merge pull request #10075 from alexstrat/fix/fix-content_scripts-match
Fix content scripts matches
2017-07-24 15:27:55 +09:00
Cheng Zhao
25f168cecb Merge pull request #9951 from alexstrat/fix-chrome-storage
Fix chrome storage access scope
2017-07-24 14:01:15 +09:00
Alexandre Lachèze
a2ba4e0a6a fix content scripts matches 2017-07-20 20:01:49 +02:00
Alexandre Lachèze
498f344e2e Correct mkdir 2017-07-20 19:50:55 +02:00
Kevin Sawicki
553021bc9c Only assign opener when not using nativeWindowOpen 2017-07-17 11:55:15 -07:00
Alexandre Lachèze
ec8407c65d Recursively mkdir the parent directories 2017-07-11 00:56:45 +02:00
Alexandre Lachèze
c85f3cbd2c Change storage implementation to async 2017-07-11 00:35:53 +02:00
Alexandre Lachèze
9aac8967aa 👕 2017-07-10 23:56:44 +02:00
Alexandre Lachèze
969c74b886 Use es6 string templating 2017-07-10 23:50:59 +02:00
Alexandre Lachèze
73e8769b1f content_scripts[].matches use the URL without hash part 2017-07-07 04:14:36 +02:00
Alexandre Lachèze
ec10338364 Per-extension storage 2017-07-07 03:13:19 +02:00
Alexandre Lachèze
d2002ff3fc Use a file as Chrome Storage rather than localStorage 2017-07-07 03:06:53 +02:00
Birunthan Mohanathas
7d2226e05e Let Chromium manage document.visibilityState and document.hidden
Chromium already includes the necessary plumbing to manage the
visibility properties and `visibilitychange` event so this gets rid of
most of our custom logic for `BrowserWindow` and `BrowserView`.

Note that `webview` remains unchanged and is still affected by the issues
listed below.

User facing changes:

- The `document` visibility properties and `visibilitychange` event are
  now also updated/fired in response to occlusion changes on macOS. In
  other words, `document.visibilityState` will now be `hidden` on macOS
  if the window is occluded by another window.

- Previously, `visibilitychange` was also fired by *both* Electron and
  Chromium in some cases (e.g. when hiding the window). Now it is only
  fired by Chromium so you no longer get duplicate events.

- The visiblity state of `BrowserWindow`s created with `{ show: false }`
  is now initially `visible` until the window is shown and hidden.

- The visibility state of `BrowserWindow`s with `backgroundThrottling`
  disabled is now permanently `visible`.

This should also fix #6860 (but not for `webview`).
2017-06-06 15:16:01 -07:00
Kevin Sawicki
a285a3e64b Default webviewTag to false 2017-05-17 14:01:45 -07:00
Kevin Sawicki
bde13353fb Rename option to webviewTag and default to nodeIntegration value 2017-05-17 13:12:23 -07:00
Kevin Sawicki
837ea884de Merge remote-tracking branch 'origin/master' into enable-webview 2017-05-17 12:45:29 -07:00
Thiago de Arruda
6b5bd3b6ce Fix how rpc-server releases references after page reload
In addition to listening for "render-view-deleted", listen for
"ELECTRON_BROWSER_CONTEXT_RELEASE" synchronous message, which is sent by the
remote module when the page is about to be navigated.

This is required to allow child windows running in the same renderer to
correctly manage remote object references, since `render-view-deleted` is only
called when the renderer exits.

Close #9387
2017-05-16 09:05:52 -03:00
HariJ
a05eb9047e Fixing missed variable name 2017-05-08 18:50:20 -07:00
Hari Krishna Reddy Juturu
3321f7d39c Changing command line option name 2017-05-08 17:27:31 -07:00
Hari Krishna Reddy Juturu
94d054cf11 Add option to override webview security 2017-05-06 22:10:42 -07:00
Hari Krishna Reddy Juturu
b4a8ed01f1 PR 44648: Enabling creation on webview with node-integration disabled and raising events
- Enabling creation on webview with node-integration disabled and raising events

Conflicts:
	lib/browser/guest-view-manager.js
2017-05-06 20:50:01 -07:00
Ryohei Ikegami
1d73e84a29 Merge branch 'master' into native-window-open 2017-04-27 12:03:55 +09:00
Kevin Sawicki
95ef422ab4 Coerce offset to number in renderer process 2017-04-26 12:37:16 -07:00
Kevin Sawicki
2c48300daa Fix typos in comment 2017-04-26 09:09:42 -07:00
Kevin Sawicki
246937a372 Convert targetOrigin to string in render process 2017-04-26 09:08:47 -07:00
Kevin Sawicki
3894c1c625 Convert frameName/features to strings in render process 2017-04-26 09:08:47 -07:00
Kevin Sawicki
05b6d91bf4 Disable node integration in chrome-devtools: URLs 2017-04-25 13:36:08 -07:00
Kevin Sawicki
c90fd4dc88 Convert message/title to strings in render process 2017-04-24 09:15:01 -07:00
Kevin Sawicki
a004cada7c Merge pull request #9095 from seanchas116/better-path-resolve
Search for module from app path when URL is not file protocol
2017-04-20 10:49:53 -07:00
Ryohei Ikegami
8dff29185b Merge branch 'master' into native-window-open 2017-04-18 21:59:22 +09:00
Kevin Sawicki
7065123266 Wrap remote value being set as an arg 2017-04-04 11:18:16 -07:00
Ryohei Ikegami
61fa8693d2 Merge branch 'master' into native-window-open 2017-04-04 20:54:37 +09:00
Ryohei Ikegami
4a7eec8f2d Pass app path as command line argument 2017-04-04 09:36:01 +09:00
Kevin Sawicki
e85e483c71 Parse setting response to surface thrown errors 2017-04-03 12:16:51 -07:00
Ryohei Ikegami
001d03c859 Do not add search paths in devtools 2017-04-03 22:40:36 +09:00
Ryohei Ikegami
50c99e4507 Search for module under the app directory 2017-04-03 20:19:10 +09:00
Ryohei Ikegami
6f9dbd4e04 Merge branch 'master' into native-window-open 2017-03-24 00:11:43 +09:00
Cheng Zhao
bb5ad4ac05 Correctly initialize Node environment in worker 2017-03-20 12:52:45 -07:00
Kevin Sawicki
286f529968 Merge pull request #8890 from twolfson/dev/proxy.to.string.sqwished
🐛 Add toString support to remote functions
2017-03-20 09:35:51 -07:00
Ryohei Ikegami
a1f9a45276 Use native window.open implementation 2017-03-19 17:41:20 +09:00
Kevin Sawicki
c50b518493 Check toString after loading remote properties 2017-03-17 10:29:07 -07:00
Todd Wolfson
818738ce84 🐛 Add toString support to remote functions 2017-03-17 08:21:37 -07:00
Thiago de Arruda
f6befbe764 Expose lib/renderer/api/remote.js to sandboxed renderer 2017-03-16 14:21:23 -03:00
deepak1556
bd9a9657aa disable node integration for chrome scheme 2017-03-14 00:26:27 +05:30
deepak1556
a2db14476a create webui message handler 2017-03-14 00:25:59 +05:30
deepak1556
fdd574cea5 browser: implement pdf renderer as webui 2017-03-14 00:25:59 +05:30
Thiago de Arruda
dda2288541 Remove lib/renderer/api/ipc-renderer-setup.js
This file is no longer required since sandboxed renderer directly imports
ipc-renderer.js.
2017-03-09 20:40:32 -03:00
Thiago de Arruda
44bd93589a Refactor electron exports to keep module list in separate files 2017-03-09 19:08:01 -03:00
Kevin Sawicki
dbe9893d29 Assign Promise.resolve to constant 2017-03-07 12:10:09 -08:00
Kevin Sawicki
79b17c2cd9 Expose TouchBar on remote module 2017-03-03 14:00:39 -08:00
Kevin Sawicki
e8a79cb88d Don't require browser process module from renderer
This can cause issues when it is accessed from the
require cache or module tree since the getters throw
errors when called.
2017-02-28 08:45:39 -08:00
Kevin Sawicki
1d84d83fd4 Forward webview visibility change events from browser process 2017-02-28 08:23:00 -08:00
Kevin Sawicki
7564a9973b Use const instead of var 2017-02-28 08:23:00 -08:00
Kevin Sawicki
f4717b34e9 Register visibility change listener when attached 2017-02-28 08:23:00 -08:00
deepak1556
403e7681c1 add basic webview zoom specs 2017-02-18 01:34:32 +05:30
Kevin Sawicki
2a18e3f9ea Remove Buffer global on load 2017-02-14 08:42:34 -08:00
deepak1556
e3fe3cc490 map webframe zoom api to use HostZoomMap 2017-02-12 00:49:17 +05:30
deepak1556
63c0e4cbb1 Add ZoomController to manager zoom changes for webcontents 2017-02-12 00:49:17 +05:30
Greg Nolle
e29b64a18a modify CertVerifier Class
* respond to multiple similar verification requests.
* accept net error result as callback response.
2017-02-08 11:59:43 -08:00
Cheng Zhao
c72438f09f WebInspector has been split up 2017-02-06 10:34:29 -08:00
Kevin Sawicki
6bcfd0630c Document implemented APIs at the top 2017-01-16 12:38:16 -08:00
Kevin Sawicki
fbcbfbda6a Add back BrowserWindowProxy location property 2017-01-16 12:38:16 -08:00
Kevin Sawicki
f3852c57fc Use empty string for comparison 2017-01-16 12:38:16 -08:00
Kevin Sawicki
2e6d08c652 Remove unneeded this prefix 2017-01-16 12:38:16 -08:00
Kevin Sawicki
bb260343de Move more functions to outer scope 2017-01-16 12:38:16 -08:00
Kevin Sawicki
3f7b3c4bd7 Implement window overrides in main context 2017-01-16 12:38:16 -08:00
Javan Makhmali
a64bdbd306 Add "context-menu" DOM event to <webview> 2017-01-13 17:04:09 -05:00
Kevin Sawicki
1278e8cebc Remove unused variable 2016-12-02 13:40:31 -08:00
Kevin Sawicki
635c909aab Implement window.alert/confirm/close in main process 2016-12-02 13:40:31 -08:00
Kevin Sawicki
f894da13b0 Pass args array instead of arguments object 2016-12-02 13:40:31 -08:00
Kevin Sawicki
af555bd879 Use spread syntax instead of apply 2016-12-01 14:56:00 -08:00
Kevin Sawicki
c8ff67ab75 Use spread syntax instead of function apply 2016-12-01 14:56:00 -08:00
Kevin Sawicki
477ac313ab Merge pull request #8086 from deepak1556/devtools_remove_workspace_patch
override window.confirm in devtools
2016-11-29 13:31:21 -08:00
Kevin Sawicki
72e559458f Inline buttons and cancelId values 2016-11-29 13:30:28 -08:00
Kevin Sawicki
6f6c5c07f0 Remove unintended returns 2016-11-28 10:56:23 -08:00
Kevin Sawicki
3a29555772 Access URL through webContents directly 2016-11-28 10:56:23 -08:00
deepak1556
3ac9858726 override window.confirm in devtools 2016-11-28 01:08:48 +05:30
Cheng Zhao
bbaab755e3 Merge pull request #8049 from electron/prevent-remove-all-ipc
Throw an error when users attempt to remove all listeners from the IPC modules
2016-11-27 14:29:49 +08:00
Kevin Sawicki
9a5df9da41 Expose setVisualZoomLevelLimits on webContents and <web-view> 2016-11-22 08:07:55 -08:00
Samuel Attard
db729b5b52
Throw an error when users attempt to remove all listeners from the IPC modules 2016-11-22 18:30:58 +11:00
Paul Betts
e2649ce7d8 Add new method to set layout-based zoom level limit 2016-11-21 14:59:55 -05:00
Cheng Zhao
3834f0c6a6 Merge pull request #7974 from electron/chrome-runtime-response-callback
Implement chrome.runtime.onMessage response callback
2016-11-17 13:01:38 +09:00
Samuel Attard
7c26ec8bd4 Remove semicolon 2016-11-17 14:56:44 +11:00
Kevin Sawicki
5167ccd147 Guard against missing members in setObjectMembers 2016-11-16 07:45:34 -08:00
Birunthan Mohanathas
2986b7bc4a Allow webview guests to be resized manually
This adds the `disableguestresize` property for webviews to prevent the
webview guest from reacting to size changes of the webview element. This
also partially documents the `webContents.setSize` function in order to
manually control the webview guest size.

These two features can be combined to improve resize performance for
e.g. webviews that span the entire window. This greatly reduces the lag
described in #6905.
2016-11-15 11:00:09 -08:00