* Disable nodeIntegration
* Enable contextIsolation
* Re-implement the CSP security check to handle running in
contextIsolation
* Disable bad DCHECKS for the promise helper
* Remove the unused "-d" flag for the electron binary
* Added a way to hide the default help output for electron devs who
don't want to see it every time
* perf: use an internal module resolver instead of relative requires
* perf: memoize the results of getting exported Electron properties
* perf: make internal module changes consistent across sandboxed / bundled files
* chore: replace standard with eslint-config-standard
This adds support for --cache so linting JS only takes ~1 second and only lints things that changed
It also allows us to add custom linting rules
* chore: add eslint-plugin-mocha and enable the no-exclusive-tests rule
This will block anyone from pushing / merging a `.only` test or describe
* remove obsolete tests
* remove unused deprecate API
* make a warnOnce helper for the deprecate methods
* misc. copyediting, e.g. variable names, whitespace
* test that any deprecation warns once at most
* use strict
* fix: use render client id to track deleted render process hosts
Instead of relying on OS process id, which may not be unique
when a process is reused, we rely on the renderer client id
passed by the content layer when starting the renderer process
which is guaranteed to be unique for the lifetime of the app.
* fix: store context id as int64_t
Ensuring that it doesn't wrap easily with a large number
of context creation on some malformed web pages.
* chore: reformat code
* refactor: getOrCreateArchive() for ASARs
- store cached archive in a Map
- return `null` instead of `false` on failures
* refactor: splitPath() for ASARs
- store custom extension in a constant
- remove magic numbers
- add comments
* refactor: explicitly use assert() for a developer error
* chore: remove console.log() calls
* refactor: replace "p" arguments with "pathArgument"
"path" would be a better name, but it is already taken
but the "path" Node module.
* refactor: createError() for ASARs
- return an `Error` instance
- use enum for error types
- minor improvements
* refactor: use more meaningful name for an arg than just "arg"
* feat: deprecate default value of nodeIntegration
* Use DeprecationStatus::Stable as the default instead of shadowing
* change wording of deprecations
* chore: also deprecate kWebviewTag and kContextIsolation
* chore: do as we preach, lets be secure-by-default in the default app
RenderProcessHost switch can happen between ipc calls when
speculative process are invvolved, which will lead to deletion
of entries on current context. Use OS process handles to
uniquely associate a destruction handler for a render process.
* fix: use OOIF for webview tag
* fix: do not call GetNativeView for webview
* fix: OOIPF webview's WebContents is managed by embedder frame
* fix: guest view can not be focused
* fix: clear zoom controller when guest is destroyed
* fix: implement the webview resize event
The webview is no longer a browser plugin with the resize event, use
ResizeObserver instead.
* test: disable failed tests due to OOPIF webview
* fix: embedder can be destroyed earlier than guest
This happens when embedder is manually destroyed.
* fix: don't double attach
* fix: recreate iframe when webview is reattached
* fix: resize event may happen very early
* test: some tests are working after OOPIF webview
* chore: remove unused browser plugin webview code
* fix: get embedder via closure
When the "destroyed" event is emitted, the entry in guestInstances would be
cleared.
* chore: rename browserPluginNode to internalElement
* test: make the visibilityState test more robust
* chore: guestinstance can not work with OOPIF webview
* fix: element could be detached before got response from browser
After after using `processId-contextCounter` as contextId, it may happen
that contexts in different WebContents sharing the same renderer process
get the same contextId. Using webContentsId as part of key in
ObjectsRegistry can fix this.
Replaces 'did-finish-load' with 'did-stop-loading' which semantically
maps to the events inside Chromium. Before I think we were relying
on a natural 99% winnable race condition.
Fixes#13504
After the page does navigations, garbage collection can still happen in
the old context. This commit changes to store references to remote objects
by _pages_, instead of by _WebContents_.
* Add promise helper and change whenReady to be native impl
* remove commented code
* add GetInner helper to dedupe promise code
* add Promise.reject helper to be consistent with JS
* fix linting
* update promise impl per feedback
* remove param name from unused isolate
* Use non-depreceated resolvers for promises
* Add thread dchecks for promise helper, intiialize promise pointer to nullptr
due to change in node.js(https://github.com/nodejs/node/issues/17076)
internalModuleReadFile has been renamed to internalModuleReadJSON, and
in vendor/node/lib/internal/modules/cjs/loader.js it will call
internalModuleReadJSON and result in can't read the package.json file.
* Introduce `net.{start|stop}Logging()`
- Slight regression right now as Electron won't automatically start logging net-logs at launch, will soon be fixed
- To implement callback for async controls
* Add `net.isLogging` & optional callback param for `net.stopLogging()`
* Fix small regression on --log-net-log
--log-net-log should work again
* Error on empty file path
* Only start with valid file path
* Remove unused var
* Allow setting log file path before URLRequestContextGetter starts logging
* Add net log tests
* Remove redundant checks
* Use brightray::NetLog
* Clean up code
* Should automatically stop listening
* 🎨 Attempt to fix styles
* Only run non-null callback
* Dump file to tmpdir
* Simplify net log spec
Spawned Electron process on Linux CI can fail to launch
* Separate netLog module
* Remove net logging test from net spec
* Add tests for netLog
* Fix header guard
* Clean up code
* Add netLog.currentlyLoggingPath
* Callback with filepath
* Add test for case when only .stopLogging() is called
* Add docs
* Reintroduce error on invalid arg
* Update copyright
* Update error message
* Juggle file path string types
* Make it possible to disable a module for a renderer
* Put DesktopCapturer API under a build flag
The name is "enable_desktop_capturer".
Enabled by default.
* Don't use JSON to send the result of `ipcRenderer.sendSync`.
- Change the return type of AtomViewHostMsg_Message_Sync from `base::string16`
to `base::ListValue`
- Adjust lib/browser/api/web-contents.js and /lib/renderer/api/ipc-renderer.js
to wrap/unwrap return values to/from array, instead of
serializing/deserializing JSON.
This change can greatly improve `ipcRenderer.sendSync` calls where the return
value contains Buffer instances, because those are converted to Array before
being serialized to JSON(which has no efficient way of representing byte
arrays).
A simple benchmark where remote.require('fs') was used to read a 16mb file got
at least 5x faster, not to mention it used a lot less memory. This difference
tends increases with larger buffers.
* Don't base64 encode Buffers
* Don't allocate V8ValueConverter on the heap
* Replace hidden global.sandbox with NodeBindings::IsInitialized()
* Refactoring: check NodeBindings::IsInitialized() in V8ValueConverter
* Refactor problematic test to make it more reliable
* Add tests for NaN and Infinity
Use a single synchronous IPC call to retrieve data required by early
sandbox scripts. This has two purposes:
- Optimize preload script initialization by:
- Using one synchronous IPC call to retrieve preload script,
webContentsId (more on that later), process.{platform,execPath,env}
- Lazy loading as many modules as possible.
- Fix#12316 for sandbox. @MarshallOfSound addressed the issue in
#12342, but it was still present in sandbox mode. By loading
webContentsId very early and skipping remote module at early
startup, we fix it for sandbox.
- introduce a currentPlatformSupportsAppIndicator() function determining
if app indicators are supported here.
- handle undefined process.env.XDG_CURRENT_DESKTOP
- added some comments to ensure that the intents are clear
Thanks MarshallOfSound
When the Chrome Extension has too many content scripts (above default
10 counts), there will be a warning: possible EventEmitter memory leak
detected. 11 listeners added.
* Refactor app.makeSingleInstance
* new API `app.isPrimaryInstance()`
* new API `app.isSingleInstance()`
* new event `app.on('second-instance')`
* deprecated old syntax `app.makeSingleInstance(cb)`
* deprecated old syntax of `app.makeSingleInstance() --> bool` in favor
of `app.isPrimaryInstance()`
* Fix spec, we don't need process.nextTick hacks any more
* Make deprecation TODO for the return value of makeSingleInstance
* Refactor makeSingleInstance to requestSingleInstanceLock and add appropriate deprecation comments
* I swear this isn't tricking the linter
* Make const
* Add deprecation warnings for release, and add to planned-breaking-changes
BREAKING CHANGE
Multiple sessions inherits the "ubuntu" base settings properties in ubuntu.
One of the most popular one is communitheme: the next ubuntu default theme
has its dedicated session, with thus duplicated indicators for dropbox.
Rather than a string comparison for ubuntu, only match a substring then.
XDG_CURRENT_DESKTOP can be of form: "communitheme:ubuntu:GNOME",
"ubuntu:GNOME", …
Fixes: #12843.
Add four new optional properties to menus in Electron. The four properties are:
'before'
'after'
'beforeGroupContaining'
'afterGroupContaining'
'before/after' - provides a means for a single context menu item to declare its placement relative to another context menu item. These also imply that menu item in question should be placed in the same “group” as the item.
'beforeGroupContaining/afterGroupContaining - provides a means for a single menu item to declare the placement of its containing group, relative to the containing group of the specified item.
* add did-frame-navigate event to WebContents, pass http response code to it and did-navigate
* docs for frame routing id related api changes on WebFrame and WebContents
* expose WebFrame#routingId and pass it to WebContents frame specific events along with frameProcessId; add WebContets.did-start-navigation event
* fix compilation error on ia32 Windows
* add cause property to exception in callFunction
* update exceptionToMeta function
* add sender argument
* and cause property to return value
* update exception convert in metaToValue function
* add from and cause properties to the exception error
* unit test for remote exception
* Add a screen_api_id parameter to the desktopCapturer API.
When using the DirectX capturer on Windows, there was previously no way
to associate desktopCapturer/getUserMedia and electron.screen API
screens. This new parameter provides the association.
* Fix non-Windows build.
* Fix Mac.
* Fix Mac harder.
* JS lint
* clang-format C++ code.
* IWYU
* display_id, Linux comment, better test
* lint
* Fix tests on Linux.
* Add display_id documentation.
* Propagate referrer to new windows
Fixes#9205
* Rearrange -new-window event arguments for backwards-compatibility
* Plumb referrer policy through guest-window-manager
* Document the Referrer structure and its uses
* Add tests for referrer in new windows
* Docs nits
Fixes#12311
Right now it throws a new error when the file is even require()d, but this isn't ideal as there are cases where everything is mass-required, such as Spectron. Instead, we should throw an error on non-Darwin environments only when the IAP methods are invoked.
* Remove the race condition between new process creation and old process releasing remote context
Previously there was a race condition where the getId() method would return the new context ID even
though the release was for the old context. This changes it to send the "initial" context ID with
the release message to ensure there is no race.
* fetch context ID from remote in sandbox mode
* Persist defaults to webPreferences object to JS land can read the inferred values instead of just user defined values
* Test inherited default propogation
* Refactor to remove coupling from fetching values and defaults
* Test description type
* Fix up tests
* This is to enable more browser-like behavior so that users who run third-party code
will not be DOS'ed with alerts and confirms. This is already handled like this
in most major browsers so this will greatly help these developers
* Fix child touch bar items not updating
Deep children of a TouchBar didn't cause the top level touch bar to update, now they do
Fixes#11761.
* Remove unused newValue property in TB setter
* add function to remove leading/trailing separators
* change const name for clarity
* add spec to check filtered separators
* clean method and add edge case spec per review
The event is emitted when the OS is rebooting/shutting down, and allows
an electron app to call `e.preventDefault()` in order to delay shutdown
and exit cleanly.
* 🔧 Add security issue detection (and logs)
* 🔧 Check for it on load
* 👷 Add some tests
* 👷 Make the linter happy
* 🔧 Allow them to be enabled by force
* 📝 Make message slightly prettier
* 🔧 Fix a typo in the code comment
* 🔧 Classic mistake
* 🚀 Optimize things a bit more
* 👷 Add tests, fix tests
* 📝 Document things
* 🔧 Make linter happy
* 🔧 One more piece of cleanup
- For more flexibility in designing the recent documents menu, now there can be one menu item (known issue: you may specify more but AppKit doens't display more than one) in the submenu list, rather than separating the labels with a tab.
- Also added is the role `clearrecent` that can be given to a menu item that can clear the recent documents.
- Does not yet accept any options except label--"Clear Menu" can't be modified through exposed node API
- If `openrecent` is present across multiple menu items, the last seen will be visible in the main menu due to that it is designed to behave like a singleton