If `node::Buffer::New()` is used to wrap an existing chunk of memory
without providing a custom callback to release that memory then Node
will just use `free()`. In a couple of places Node buffer objects were
constructed from chunks of memory that were allocated with `new[]`, but
a custom callback to release that memory was omitted. This resulted in
undefined behavior when those buffers were destroyed because `free()`
was used to release memory allocated with `new[]`.

To avoid undefined behavior the aforementioned buffer objects are now
constructed with a custom callback that safely releases the underlying
chunk of memory.
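
The allocator mismatch this commit message describes, as an added C++ example that is not Electron's or Node's code: `WrappedBuffer` is a hypothetical stand-in for a buffer that wraps existing memory and falls back to `free()` when no release callback is supplied. `DeleteArray`, `WrapNewArrayMemory` and `WrapMallocMemory` are names invented here.

```cpp
#include <cstddef>
#include <cstdlib>
// Hypothetical model of a buffer wrapping caller-owned memory (not Node's code).
using FreeCallback = void (*)(char* data, void* hint);

class WrappedBuffer {
 public:
  WrappedBuffer(char* data, size_t length, FreeCallback callback = nullptr,
                void* hint = nullptr)
      : data_(data), length_(length), callback_(callback), hint_(hint) {}
  WrappedBuffer(const WrappedBuffer&) = delete;
  WrappedBuffer& operator=(const WrappedBuffer&) = delete;
  ~WrappedBuffer() {
    if (callback_ != nullptr)
      callback_(data_, hint_);  // release chosen by whoever allocated
    else
      std::free(data_);  // default: valid only for malloc-family memory
  }
  size_t length() const { return length_; }
 private:
  char* data_;
  size_t length_;
  FreeCallback callback_;
  void* hint_;
};

// Release callback matching new[]; hint is a counter so callers can observe it.
static void DeleteArray(char* data, void* hint) {
  delete[] data;
  ++*static_cast<int*>(hint);
}

// Wraps new[] memory with the matching callback; returns callback run count.
int WrapNewArrayMemory(size_t n) {
  int released = 0;
  {
    // Without DeleteArray, the destructor would free() new[] memory: UB.
    WrappedBuffer buf(new char[n](), n, DeleteArray, &released);
  }  // buf destroyed here
  return released;
}

// malloc memory may rely on the default free() path; returns wrapped length.
size_t WrapMallocMemory(size_t n) {
  char* chunk = static_cast<char*>(std::malloc(n));
  if (chunk == nullptr) return 0;
  return WrappedBuffer(chunk, n).length();
}

int main() { return WrapNewArrayMemory(16) == 1 && WrapMallocMemory(16) == 16 ? 0 : 1; }
```

Building this with AddressSanitizer (`-fsanitize=address`) and removing the `DeleteArray` argument makes the mismatch visible as an `alloc-dealloc-mismatch` report.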

The sandbox option allows multiple webContents in one renderer process, so using
only the renderer id to identify WebContents instances is no longer an
option.

`WebContents::GetID` now returns a 64-bit integer, which is composed of both the
process id (high 32) and the RenderViewHost routing id (low 32). Also add a
`GetProcessID` that retrieves the renderer process id, a requirement in some of
our JavaScript code.

- Allow `api::Window` instances to be created from existing `api::WebContents`.
- Override `WebContentsCreated` and `AddNewContents` to wrap renderer-created
  `content::WebContents` into `api::WebContents`.
- For `content::WebContents` that should be displayed in new windows, pass the
  wrapped `api::WebContents` object to window manager.
- Add an overload to `WebContents::CreateFrom` that accepts a type parameter. If
  type is `REMOTE`, initialization is the same as before (a thin wrapper). If
  not, the `api::WebContents` will be fully initialized, as if it was created by
  `api::WebContents::Create`.
- Move common initialization code to `InitWithSessionAndOptions`.

When `--enable-sandbox` is passed, Electron will use the Chromium sandbox to spawn
all renderers, and every new BrowserWindow will automatically have "sandboxed"
passed as a web preference (since the renderer would not work properly
otherwise).

When "sandboxed" is passed as a web preference for `BrowserWindow`, the newly
created renderer won't run any Node.js code/integration, only communicating with
the system via the IPC API of the content module. This is a requirement for
running the renderer under Chrome's OS-level sandbox.

Beyond that, certain behaviors of `AtomBrowserClient` are modified when dealing
with sandboxed renderers:

- `OverrideSiteInstanceNavigation` no longer creates a new `SiteInstance` for
  every navigation. Instead, it reuses the source `SiteInstance` when not
  navigating to a different site.
- `CanCreateWindow` will return true and allow JavaScript access.