Commit graph

11 commits

Author SHA1 Message Date
Samuel Attard
6df2680cb6
refactor: clean up webFrame implementation to use gin wrappers (#28497)
* refactor: clean up webFrame implementation to use gin wrappers

The previous implementation of webFrame in the renderer process leaked
sub-frame contexts and global objects across the context boundaries thus
making it possible for apps to either maliciously or accidentally
violate the contextIsolation boundary.

This re-implementation binds all methods in native code directly to
content::RenderFrame instances instead of relying on JS to provide a
"window" with every method request.  This is much more consistent with
the rest of the Electron codebase and is substantially safer.

* chore: un-re-order for ease of review

* chore: pass isolate around instead of ErrorThrower

* chore: fix rebase typo

* chore: remove unused variables
2021-04-12 16:35:18 -07:00
Milan Burda
79b3393768
chore: remove bunch of usages of any (#27512) 2021-01-29 12:41:59 -08:00
Nikita Kot
7672aa9525
feat: exposeInMainWorld allow to expose non-object APIs (#26594) 2020-12-04 09:43:20 -08:00
loc
0b85fdf26c
feat: add webContents.setWindowOpenHandler API (#24517)
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
2020-11-10 09:06:03 -08:00
Shelley Vohr
659e79fc08
refactor: prevent consistent early exception (#24191)
* refactor: prevent consistent early exception

* Use _linkedBinding where possible

* Remove dead electronBinding
2020-06-22 20:32:45 -07:00
Samuel Attard
9d7ba98209
refactor: remove the RenderFrameFunctionStore and use privates to memory manage (#23592) 2020-05-15 11:57:40 -07:00
Samuel Attard
7f9b7b2e95
chore: clean up context bridge scopes and add specs for internal bridge (#23334)
* chore: clean up context bridge context scopes

* spec: add specs for internalContextBridge
2020-05-11 13:41:42 -07:00
Samuel Attard
abe5cf398c
refactor: port window.open and window.opener to use ctx bridge instead of hole punching (#23235)
* refactor: port window.open and window.opener to use ctx bridge instead of hole punching

* refactor: only run the isolated init bundle when webview is enabled
2020-04-27 12:46:04 -07:00
Samuel Attard
96bf9ce77f
refactor: port parts of window-setup to use ctx bridge instead of being run in the main world (#23194)
* refactor: port parts of window-setup to use ctx bridge instead of being run in the main world

* chore: update ctx bridge specs for new base numbers
2020-04-22 12:42:51 -07:00
Samuel Attard
5d657dece4
build: enable JS semicolons (#22783) 2020-03-20 13:28:31 -07:00
Samuel Attard
0090616f7b
feat: add a new contextBridge module (#20307)
* feat: add a new contextBridge module

* chore: fix docs linting

* feat: add support for function arguments being proxied

* chore: ensure that contextBridge can only be used when contextIsolation is enabled

* docs: getReverseBinding can be null

* docs: fix broken links in md file

* feat: add support for promises in function parameters

* fix: linting failure for explicit constructor

* Update atom_api_context_bridge.cc

* chore: update docs and API design as per feedback

* refactor: remove reverse bindings and handle GC'able functions across the bridge

* chore: only expose debugGC in testing builds

* fix: do not proxy promises as objects

* spec: add complete spec coverage for contextBridge

* spec: add tests for null/undefined and the anti-overwrite logic

* chore: fix linting

* spec: add complex nested back-and-forth function calling

* fix: expose contextBridge in sandboxed renderers

* refactor: improve security of default_app using the new contextBridge module

* s/bindAPIInMainWorld/exposeInMainWorld

* chore: sorry for this commit, its a big one, I fixed like everything and refactored a lot

* chore: remove PassedValueCache as it is unused now

Values transferred from context A to context B are now cachde in the RenderFramePersistenceStore

* chore: move to anonymous namespace

* refactor: remove PassValueToOtherContextWithCache

* chore: remove commented unused code blocks

* chore: remove .only

* chore: remote commented code

* refactor: extract RenderFramePersistenceStore

* spec: ensure it works with numbered keys

* fix: handle number keys correctly

* fix: sort out the linter

* spec: update default_app asar spec for removed file

* refactor: change signatures to return v8 objects directly rather than the mate dictionary handle

* refactor: use the v8 serializer to support cloneable buffers and other object types

* chore: fix linting

* fix: handle hash collisions with a linked list in the map

* fix: enforce a recursion limit on the context bridge

* chore: fix linting

* chore: remove TODO

* chore: adapt for PR feedback

* chore: remove .only

* chore: clean up docs and clean up the proxy map when objects are released

* chore: ensure we cache object values that are cloned through the V8 serializer
2019-10-18 12:57:09 -07:00