There are use cases of webview where the container holding the webview is not
actually destroyed first, instead just webview gets removed from DOM, in such
situations the browser process map is not updated accordingly and holds reference
to stale guest contents, and any window operations like scroll, resize or keyboard
events that has to chain through browser embedder will lead to UAF crash.
Ref: https://github.com/microsoft/vscode/issues/92420
Prevent issues with menu creation and subsequent pane focus from menu bar by preventing menus from being created from an empty array. I can't conceive a valid use case for this, since if one wants to remove a menu they should be be passing null to win.setMenu() or calling win.removeMenu(). This issue is also specific to top-level menus, and not submenus, so the new check and exception is scoped to top-level menus.
* refactor: port window.open and window.opener to use ctx bridge instead of hole punching
* refactor: only run the isolated init bundle when webview is enabled
* test: add pre-change snapshot of new-window event
* move to .ts file for easier diff
* refactor: improve feature string parsing logic
* test: update snapshots
* update type names per review
* update comma-separated parse test
* use for loop instead of reduce per review
* tighten up types
* avoid variable guest contents id returnValue in test snapshot
* chore: add WebContentsView.webContents helper
* chore: no need to handle webContents option
* chore: Create WebContentsView in C++
* chore: make WebContentsView accept web_preferences
* fix: nativeWindowOpen still passes WebContents to BrowserWindow
* chore: no more need of WebContentsViewRelay
* test: WebContentsView now takes options
* fix: avoid creating 2 constructors
* chore: remove unused views API classes
* chore: remove LayoutManager code
* chore: no more need to make View inherit from TrackabeObject
* chore: make enable_view_api default to true
* chore: enable_view_api => enable_views_api
* fix: remove bad usages of for-in and guard against it
* Apply suggestions from code review
Co-Authored-By: Samuel Maddock <samuel.maddock@gmail.com>
* Apply suggestions from code review
Co-Authored-By: Jeremy Apthorp <jeremya@chromium.org>
* Update remote.js
Co-authored-by: Samuel Maddock <samuel.maddock@gmail.com>
Co-authored-by: Jeremy Apthorp <jeremya@chromium.org>
* chore: add deprecation warning on setting app.allowRendererProcessReuse to false
* fix: no deprecation warnings in process reuse spec
* chore: add test for new deprecate removeProperty behavior
* feat: add API for receiving logs from service workers
* feat: add new serviceWorkerContext APIs
* chore: add missing #include's
* refactor: rename serviceWorkerContext to serviceWorkers
* chore: clean up based on review
* chore: remove native_mate
* chore: add tests for the service worker module
* Update spec-main/api-service-workers-spec.ts
Co-Authored-By: Jeremy Apthorp <jeremya@chromium.org>
* chore: fix linting
* chore: handle renames
Co-authored-by: Jeremy Apthorp <nornagon@nornagon.net>
* fix: remove cyclic references in BrowserWindow
* fix: prevent TopLevelWindow from garbage collection
* test: garbage collection of BrowserWindow
* chore: createIDWeakMap is used in tests
* docs: add references to app.whenReady() in isReady
* refactor: prefer app.whenReady()
In the docs, specs, and lib, replace instances of `app.once('ready')`
(seen occasionally) and `app.on('ready')` (extremely common) with
`app.whenReady()`.
It's better to encourage users to use whenReady():
1. it handles the edge case of registering for 'ready' after it's fired
2. it avoids the minor wart of leaving an active listener alive for
an event that wll never fire again
* fix: use powerMonitor.on() only after app is ready
powerMonitor can't be used until the app is ready; however, on Linux,
powerMonitor.on() was called as soon as lib/browser/api/power-monitor.ts
was loaded.
This patch takes @vladimiry's suggestion of wrapping that in an
app.on('ready') handler to prevent powerMonitor.on() from being called
prematurely.
Fixes#21716
* test: fix some failing and disabled node specs
These tests were failing due to mismatched stacktraces as a result of
our Module._load hook. This fixes those by adding a flag to optionally
not hook those calls and instead do the asar override eagily.
* ELECTRON_EAGER_ASAR_HOOK => ELECTRON_EAGER_ASAR_HOOK_FOR_TESTING
* test: parallel/test-zlib-unused-weak consistently fails
Co-authored-by: Cheng Zhao <zcbenz@github.com>
* fix: menu visibility should not be overwritten on startup
* fix: removing menu for window without global menubar
* test: setMenu tests are not for mac
* feat: add a new contextBridge module
* chore: fix docs linting
* feat: add support for function arguments being proxied
* chore: ensure that contextBridge can only be used when contextIsolation is enabled
* docs: getReverseBinding can be null
* docs: fix broken links in md file
* feat: add support for promises in function parameters
* fix: linting failure for explicit constructor
* Update atom_api_context_bridge.cc
* chore: update docs and API design as per feedback
* refactor: remove reverse bindings and handle GC'able functions across the bridge
* chore: only expose debugGC in testing builds
* fix: do not proxy promises as objects
* spec: add complete spec coverage for contextBridge
* spec: add tests for null/undefined and the anti-overwrite logic
* chore: fix linting
* spec: add complex nested back-and-forth function calling
* fix: expose contextBridge in sandboxed renderers
* refactor: improve security of default_app using the new contextBridge module
* s/bindAPIInMainWorld/exposeInMainWorld
* chore: sorry for this commit, its a big one, I fixed like everything and refactored a lot
* chore: remove PassedValueCache as it is unused now
Values transferred from context A to context B are now cachde in the RenderFramePersistenceStore
* chore: move to anonymous namespace
* refactor: remove PassValueToOtherContextWithCache
* chore: remove commented unused code blocks
* chore: remove .only
* chore: remote commented code
* refactor: extract RenderFramePersistenceStore
* spec: ensure it works with numbered keys
* fix: handle number keys correctly
* fix: sort out the linter
* spec: update default_app asar spec for removed file
* refactor: change signatures to return v8 objects directly rather than the mate dictionary handle
* refactor: use the v8 serializer to support cloneable buffers and other object types
* chore: fix linting
* fix: handle hash collisions with a linked list in the map
* fix: enforce a recursion limit on the context bridge
* chore: fix linting
* chore: remove TODO
* chore: adapt for PR feedback
* chore: remove .only
* chore: clean up docs and clean up the proxy map when objects are released
* chore: ensure we cache object values that are cloned through the V8 serializer
* fix: support fitToPageEnabled and scaleFactor
Support fitToPageEnabled and scaleFactor in `WebContents.printToPDF()`
* fix: change default value of scaleFactor
* refactor: use v8 serialization for ipc
* cloning process.env doesn't work
* serialize host objects by enumerating key/values
* new serialization can handle NaN, Infinity, and undefined correctly
* can't allocate v8 objects during GC
* backport microtasks fix
* fix compile
* fix node_stream_loader reentrancy
* update subframe spec to expect undefined instead of null
* write undefined instead of crashing when serializing host objects
* fix webview spec
* fix download spec
* buffers are transformed into uint8arrays
* can't serialize promises
* fix chrome.i18n.getMessage
* fix devtools tests
* fix zoom test
* fix debug build
* fix lint
* update ipcRenderer tests
* fix printToPDF test
* update patch
* remove accidentally re-added remote-side spec
* wip
* don't attempt to serialize host objects
* jump through different hoops to set options.webContents sometimes
* whoops
* fix lint
* clean up error-handling logic
* fix memory leak
* fix lint
* convert host objects using old base::Value serialization
* fix lint more
* fall back to base::Value-based serialization
* remove commented-out code
* add docs to breaking-changes.md
* Update breaking-changes.md
* update ipcRenderer and WebContents docs
* lint
* use named values for format tag
* save a memcpy for ~30% speedup
* get rid of calls to ShallowClone
* extra debugging for paranoia
* d'oh, use the correct named tags
* apparently msstl doesn't like this DCHECK
* funny story about that DCHECK
* disable remote-related functions when enable_remote_module = false
* nits
* use EnableIf to disable remote methods in mojom
* fix include
* review comments
Exposing these in the renderer didn't make sense as they weren't backed
by the same instance / value store. This API should be browser only
especially now that we have nativeTheme.themeSource. Exposing in
//common was a mistake from the beginning.
* feat: add new nativeTheme API
* chore: deprecate and clean up old systemPreferences theme APIs in favor of new nativeTheme module
* chore: clean up and deprecate things per feedback
* chore: add tests for deprecate and clean up invert impl
* build: when is a boolean not a boolean???
* restore stash
revert
some things work others dont
tracking area for rescue
manual popup
restore drag n drop
cleanup
* fix: make tray not block main process (#18880)
* fix: make tray not block main process
* make AtomMenuModel refcounted
* add support for ansi codes in title
add remove TODOs
* chore: use ScopedPumpMessagesInPrivateModes in tray (#18977)
* chore: use ScopedPumpMessagesInPrivateModes in tray
* revert refcounting of AtomMenuModel
* Prefer WeakPtr for posting tasks to handle unexpected destruction
* cleanup .h
* cleanup .mm
* add imports
add missing include
* fix: crash when tray popup called twice (#18999)
* remove highlightMode and TODOs
* remove unnecessary copy
* chore: bump chromium in DEPS to 675d7dc9f3334b15c3ec28c27db3dc19b26bd12e
* chore: update patches
* chore: bump chromium in DEPS to dce3562696f165a324273fcb6893f0e1fef42ab1
* chore: const interfaces are being removed from //content
Refs: https://chromium-review.googlesource.com/c/chromium/src/+/1631749
Bug: https://bugs.chromium.org/p/chromium/issues/detail?id=908139
* chore: update patches
* chore: blink::MediaStreamType is now consistent and deduplicated
* chore: update patches and printing code for ref -> uniq
* chore: bridge_impl() --> GetInProcessNSWindowBridge
Refs: https://chromium-review.googlesource.com/c/chromium/src/+/1642988
* fixme: TotalMarkedObjectSize has been removed
* chore: fix linting
* chore: bump chromium in DEPS to 9503e1a2fcbf17db08094d8caae3e1407e918af3
* chore: fix slightly broken printing patch
* chore: update patches for SiteInstanceImpl changes
Refs: https://chromium-review.googlesource.com/c/chromium/src/+/1612025
* chore: update patches for SiteInstanceImpl changes
* chore: bump chromium in DEPS to 6801e6c1ddd1b7b73e594e97157ddd539ca335d7
* chore: update patches
* chore: bump chromium in DEPS to 27e198912d7c1767052ec785c22e2e88b2cb4d8b
* chore: remove system_request_context
Refs: https://chromium-review.googlesource.com/c/chromium/src/+/1647172
* chore: creation of FtpProtocolHandler needs an auth cache
Refs: https://chromium-review.googlesource.com/c/chromium/src/+/1639683
* fixme: disable marked spec
* chore: bump chromium in DEPS to 3dcd7fe453ad13a22b114b95f05590eba74c5471
* chore: bump chromium in DEPS to bdc24128b75008743d819e298557a53205706e7c
* chore: bump chromium in DEPS to 7da330b58fbe0ba94b9b94abbb8085bead220228
* update patches
* remove TotalMarkedObjectSize
https://chromium-review.googlesource.com/c/chromium/src/+/1631708
* add libvulkan.so to dist zip manifest on linux
* chore: bump chromium in DEPS to 1e85d0f45b52649efd0010cc9dab6d2804f24443
* update patches
* add angle features to gpuinfo
https://chromium-review.googlesource.com/c/chromium/src/+/1638658
* mark 'marked' property as deprecated
* disable webview resize test
* FIXME: disable vulkan on 32-bit arm
* chore: bump chromium in DEPS to cd0297c6a83fdd2b1f6bc312e7d5acca736a3c56
* Revert "FIXME: disable vulkan on 32-bit arm"
This reverts commit 5c1e0ef302a6db1e72231d4e823f91bb08e281af.
* backport from upstream: fix swiftshader build on arm
https://swiftshader-review.googlesource.com/c/SwiftShader/+/32768/
* update patches
* viz: update OutputDeviceWin to new shared memory api
https://chromium-review.googlesource.com/c/chromium/src/+/1649574
* base::Contains{Key,Value} => base::Contains
https://chromium-review.googlesource.com/c/chromium/src/+/1649478
* fixup! viz: update OutputDeviceWin to new shared memory api
* stub out StatusIconLinuxDbus-related delegate methods
https://chromium-review.googlesource.com/c/chromium/src/+/1638180
* chore: bump chromium in DEPS to 964ea3fd4bdc006d62533f5755043076220181f1
* Remove the BrowserContext methods to create URLRequestContexts for main/media partitions when a partition_domain is specified
https://chromium-review.googlesource.com/c/chromium/src/+/1655087
* fixup! stub out StatusIconLinuxDbus-related delegate methods
* add remote_cocoa to chromium_src deps
https://chromium-review.googlesource.com/c/chromium/src/+/1657068
* fixup! stub out StatusIconLinuxDbus-related delegate methods
* attempt at fix linux-debug build
* add swiftshader/libvulkan.so to arm manifest
* chore: bump chromium in DEPS to 28688f76afef27c36631aa274691e333ddecdc22
* update patches
* chore: bump chromium in DEPS to fe7450e1578a9584189f87d59d0d1a8548bf6b90
* chore: bump chromium in DEPS to f304dfd682dc86a755a6c49a16ee6876e0db45fb
* chore: bump chromium in DEPS to f0fd4d6c365aad9edd83bdfff9954c47d271b75c
* Update patches
* Remove no longer needed WOA patch
* Put back IOThread in BrowserProcess
We need this until we enable the network service.
* move atom.ico to inputs
* Update to latest LKGR to fix no template named 'bitset' in namespace 'std'
* fixup! Put back IOThread in BrowserProcess
* chore: bump chromium in DEPS to dcf9662dc9a896a175d791001350324167b1cad3
* Update patches
content_allow_embedder_to_prevent_locking_scheme_registry.patch is no longer necessary as it was upstreamed via https://chromium-review.googlesource.com/c/chromium/src/+/1637040
* Fix renamed enum
* Use newer docker container
Contains updated dependencies
* Try to track down arm test failures
* Fix arm tests
* chore: bump chromium in DEPS to 8cbceef57b37ee14b9c4c3405a3f7663922c5b5d
* Update patches
* Add needed dependencies for testing 32-bit linux
* Remove arm debugging.
* Remove additional debugging
* Fix compiler errors
* Handle new macOS helper
* Fix compile error on Linux
* chore: bump chromium in DEPS to 66a93991ddaff6a9f1b13d110959947cb03a1860
* Add new helper files to manifests
* fix BUILD.gn for macOS
* Fix compile errors
* Add patch to put back colors needed for autofill/datalist
* chore: bump chromium in DEPS to e89617079f11e33f33cdb3924f719a579c73704b
* Updated patches
* Remove no longer needed patch
* Remove no longer needed patch
* Fix compile error with patch
* Really fix the patch
* chore: bump chromium in DEPS to c70f12476a45840408f1d5ff5968e7f7ceaad9d4
* chore: bump chromium in DEPS to 06d2dd7a8933b41545a7c26349c802f570563fd5
* chore: bump chromium in DEPS to b0b9ff8f727deb519ccbec7cf1c8d9ed543d88ab
* Update patches
* Fix compiler errors
* Fix removed ChromeNetLog
* Revert "Fix removed ChromeNetLog"
This reverts commit 426dfd90b5ab0a9c1df415d71c88e8aed2bd5bbe.
* Remove ChromeNetLog.
https://chromium-review.googlesource.com/c/chromium/src/+/1663846
* chore: bump chromium in DEPS to fefcc4926d58dccd59ac95be65eab3a4ebfe2f29
* Update patches
* Update v8 patches
* Fix lint error
* Fix compile errors
* chore: bump chromium in DEPS to 4de815ef92ef2eef515506fe09bdc466526a8fd9
* Use custom protocol to test baseURLForDataURL
* Use newer SDK (10.0.18362) for Windows
* Update patches
* Update arm manifest since swiftshader reenabled.
* Don't delete dir that isn't ever there.
* Fix compile errors.
* Need src dir created
* Update for removed InspectorFrontendAPI.addExtensions
* Revert "Use newer SDK (10.0.18362) for Windows"
This reverts commit 68763a0c88cdc44b971462e49662aecc167d3d99.
* Revert "Need src dir created"
This reverts commit 7daedc29d0844316d4097648dde7f40f1a3848fb.
* Revert "Don't delete dir that isn't ever there."
This reverts commit bf424bc30ffcb23b1d9a634d4df410342536640e.
* chore: bump chromium in DEPS to 97dab6b0124ea53244caf123921b5d14893bcca7
* chore: bump chromium in DEPS to c87d16d49a85dc7122781f6c979d354c20f7f78b
* chore: bump chromium in DEPS to 004bcee2ea336687cedfda8f8a151806ac757d15
* chore: bump chromium in DEPS to 24428b26a9d15a013b2a253e1084ec3cb54b660b
* chore: bump chromium in DEPS to fd25914e875237df88035a6abf89a70bf1360b57
* Update patches
* Update node to fix build error
* Fix compile errors
* chore: bump chromium in DEPS to 3062b7cf090f1d9522c04ca8fa0a906f88ababe9
* chore: update node ref for pushed tags
* chore: update patches for new chromium
* chore: fix printing patches
* Use new (10.0.18362) Windows SDK
* roll node to fix v8 build issues in debug build
* Add support for plugin helper
* fix: add patch to fix gpu info enumeration
Can be removed once CL lands upstream.
Refs: https://chromium-review.googlesource.com/c/chromium/src/+/1685993
* spec: navigator.requestMIDIAccess now requires a secure origin
This test requires a secure origin so we fake one.
Refs: https://chromium-review.googlesource.com/c/chromium/src/+/1657952
* FIXME: temporarily disable SharedWorker tests
* use released version of node-abstractsocket
* fix abstract-socket
* fix: disable remote host nodeIntegration warning for localhost
In warnAboutNodeWithRemoteContent(), add a check to see if the hostname
is "localhost" and prevent the warning message if it is.
* fix: disable loading insecure resources warning for localhost
In warnAboutInsecureResources(), filter out resources from localhost
since they are most likely not a threat.
* test: add tests for ignoring security warnings when using localhost
Add tests for ignoring warning messages for the following scenarios:
1. node integration with remote content from localhost
2. loading insecure resources from localhost
* test: fix insecure resource test
* test: pass nodeIntegration with remote test on did-finish-load
* test: maybe fix node integration test (error w/ conv circular struct)
* test: update test description
* test: use "load" event to check when nodeIntegration test has finished
Instead of relying on the "did-finish-load" event, which may result in
a race condition, add an "onload" handler that logs "loaded" to the
console. This will execute _after_ the nodeIntegration check, so it
can be safely used as a signal to indicate that the test is done.
* test: rename base-page-security-load-message.html
* fix: ignore enabled remote module warning for localhost
* refactor: add isLocalhost()
Historically, we've been passing in all MessageBox parameters individually, which makes augmenting or improving MessageBox functionality challenging because to change or add even one argument requires a huge cascade of argument changes that leaves room for errors.
For other file dialog related APIs, we use a struct (DialogSettings), and so this PR takes a similar approach and refactors MessageBox parameters into a struct (MessageBoxSettings) which we then use to simplify argument passing and which will enable us to more quickly iterate and improve upon functionality in the future.
* Initial changes to use crashpad for windows
* Remove crashpad patch
* Report error when failed to connect pipe
* Allow crashpad to communicate with named pipe
* Add patch to make crashpad named pipe work
* Windows also needs crashReporter on main process
* Call SetUnhandledExceptionFilter in node process
Node can also use crash reporter.
* Do not treat node process as browser process
* No more need to manually start crash service
* Use base::StringPrintf for better readbility
* Print error when pipe name not available
* Make sure pipe name is updated
Note that the crashpad may be started after renderer process gets
created.
* Fix some tests
* Update node
* Exclude crashpad files on Linux and MAS
* Fix lint warning
* Remove unused checks
* kCrashpadPipeName is only available on Windows
* Fix uploadToServer tests
* Fix extra params tests
* Fix getCrashesDirectory tests
* Run crashReporter tests on CI
* Style fixes
* Update crashreporter docs
* Rename InitBreakpad to Init
* Add comment for process_type_.empty() and UTF16ToASCII to UTF16ToUTF8.
* Update build.gn include crashpad headers
* Address comment https://github.com/electron/electron/pull/18483#discussion_r290887898
* Avoid using api::WebContents
* Put kRunAsNode in atom_constants
* Remove duplicate settings on upload params
* Fix building on macOS
* Update description for crashpad_pid_check.patch
Previously we loaded both fs and child_process and then hooked into
the returned value, relying on the module cache to keep our modifications
and give them to everyone.
Loading child_process took in excess of 20ms though so instead of loading
it and then hooking in. We intercept all Module load requests, and when
the first one for `child_process` comes in, we wrap the appropriate methods
and then never touch it again.
* refactor: bundle the browser and renderer process electron code
* Bundles browser/init and renderer/init
* Improves load performance of main process by ~40%
* Improves load performance of renderer process by ~30%
* Prevents users from importing our "requiring" our internal logic such
as ipc-main-internal. This makes those message buses safer as they are
less accessible, there is still some more work to be done though to lock
down those buses completely.
* The electron.asar file now only contains 2 files, as a future
improvement maybe we can use atom_natives to ship these two files
embedded in the binary
* This also removes our dependency on browserify which had some strange
edge cases that caused us to have to hack around require-order and
stopped us using certain ES6/7 features we should have been able to use
(async / await in some files in the sandboxed renderer init script)
TLDR: Things are faster and better :)
* fix: I really do not want to talk about it
* chore: add performance improvements from debugging
* fix: resolve the provided path so webpack thinks it is absolute
* chore: fixup per PR review
* fix: use webpacks ProvidePlugin to keep global, process and Buffer alive after deletion from global scope for use in internal code
* fix: bundle worker/init as well to make node-in-workers work
* chore: update wording as per feedback
* chore: make the timers hack work when yarn is not used
We now create a new instance of atom::api::DesktopCapturer for every
request instead of weirdly re-using the same instance and queuing
requests. This means there is now a 1:1 relationship between request
and DesktopCapturer so there isn't a race condition between the observer
for one request calling back before the observer of another. This is an
issue ever since the backing APIs moved to worker threads.
This also does a few things to ensure memory management
* Only ever listen to one event per-request, after that we wipe the emit
function to ignore all future events
* Ensures we clean up the window_capturer_, screen_capturer_ and
captured_sources_ in native land once the request is over.
This _in theory_ fixes a flake we've been seeing on CI where we try to
resolve the promise for a request that no longerr exists.
* fix: add boringssl backport to support node upgrade
* fix: Update node_includes.h, add DCHECK macros
* fix: Update node Debug Options parser usage
* fix: Fix asar setup
* fix: using v8Util in isolated context
* fix: make "process" available in preload scripts
* fix: use proper options parser and remove setting of _breakFirstLine
_breakFirstLine was being set on the process, but that has changed in node 12 and so is no longer needed. Node will handle it properly when --inspect-brk is provided
* chore: update node dep sha
* fix: process.binding => _linkedBinding in sandboxed isolated preload
* fix: make original-fs work with streams
* build: override node module version
* fix: use _linkedBinding in content_script/init.js
* chore: update node ref in DEPS
* build: node_module_version should be 73
* spec: clean up after a failed window count assertion
Previously when this assertion failed all tests that ran after the
failed assertion also failed. This ensure that the assertion fails for
the test that actually caused the issue but cleans up the left-over
windows so that future tests do not fail.
* fix: maintain a ref count for objects sent over remote
Previously there was a race condition where a GC could occur in the
renderer process between the main process sending a meta.id and the
renderer pulling the proxy out its weakmap to stop it being GC'ed.
This fixes that race condition by maintaining a "sent" ref count in the
object registry and a "received" ref count in the object cache on the
renderer side. The deref request now sends the number of refs the
renderer thinks it owns, if the number does not match the value in the
object registry it is assumed that there is an IPC message containing a
new reference in flight and this race condition was hit.
The browser side ref count is then reduced and we wait for the new deref
message. This guaruntees that an object will only be removed from the
registry if every reference we sent has been guarunteed to be unreffed.
By default the Chromedriver will send remote-debugging-port=0 to let the
browser choose a free port to listen on. The chosen port is written to
a known file in the user data dir that is passed to the app through the
CLI.
This PR does two things.
1. Correctly passes the USER_DATA_DIR to the remote debugging server so
it knows where to write the file
2. Adds support for --user-data-dir as we did not support that CLI
argument and Chromedriver relies on being able to tell the "browser"
where to write this file.
Fixes#17354
* refactor: use mojo for electron internal IPC
* add sender_id, drop MessageSync
* remove usages of AtomFrameMsg_Message
* iwyu
* first draft of renderer->browser direction
* refactor to reuse a single ipc interface
* implement TakeHeapSnapshot through mojo
* the rest of the owl^WtakeHeapSnapshot mojofication
* remove no-op overrides in AtomRendererClient
* delete renderer-side ElectronApiServiceImpl when its pipe is destroyed
* looks like we don't need to overlay the renderer manifest after all
* don't try to send 2 replies to a sync rpc
* undo changes to manifests.cc
* unify sandboxed + unsandboxed ipc events
* lint
* register ElectronBrowser mojo service on devtools WebContents
* fix takeHeapSnapshopt failure paths
* {electron_api => atom}::mojom
* add send_to_all to ElectronRenderer::Message
* keep interface alive until callback is called
* review comments
* use GetContext from RendererClientBase
* robustify a test that uses window.open
* MessageSync posts a task to put sync messages in the same queue as async ones
* add v8::MicrotasksScope and node::CallbackScope
* iwyu
* use weakptr to api::WebContents instead of Unretained
* make MessageSync an asynchronous message & use non-associated interface
* iwyu + comments
* remove unused WeakPtrFactory
* inline OnRendererMessage[Sync]
* cleanups & comments
* use helper methods instead of inline lambdas
* remove unneeded async in test
* add mojo to manifests deps
* add gn check for //electron/manifests and mojo
* don't register renderer side service until preload has been run
* update gn check targets list
* move interface registration back to RenderFrameCreated
* fix: match net module headers & http.IncomingMessage headers
* update net doc for cleanliness
* address feedback from review
* Update spec/api-net-spec.js
Co-Authored-By: codebytere <codebytere@github.com>
* add special cookie case
* fix: ensure dots in content script patterns aren't used as wildcards
* chore: sanitise all regexp special chars
* chore: extract to helper
* chore: fixup helper
* Execute content script in isolated world
* Inject script into newly created extension worlds
* Create new content_script_bundle for extension scripts
* Initialize chrome API in content script bundle
* Define Chrome extension isolated world ID range
1 << 20 was chosen as it provides a sufficiently large range of IDs for extensions, but also provides a large enough buffer for any user worlds in [1000, 1 << 20).
Ultimately this range can be changed if any user application raises it as an issue.
* Insert content script CSS into document
This now avoids a script wrapper to inject the style sheet. This closely matches the code used by chromium in `ScriptInjection::InjectCss`.
* Pass extension ID to isolated world via v8 private
* feat: add support for content scripts 'all_frames' option
* merged content script tests
'all_frames' test now runs on all variants of sandbox/contentIsolation configurations :D
* refactor: load electron builtin modules with process._linkedBinding
NODE_BUILTING_MODULE_CONTEXT_AWARE and process.binding are
removed in https://github.com/nodejs/node/pull/25829. This changes
uses the alternative available without any functionality change.
* chore: roll node
* Add content script injector to sandboxed renderer
* Fix 'getRenderProcessPreferences' binding to the wrong object
* Pass getRenderProcessPreferences to content-scripts-injector
* Emit document-start and document-end events in sandboxed renderer
* Use GetContext from RendererClientBase
* Prevent script context crash caused by lazily initialization
* Remove frame filtering logic for onExit callback
Since we're keeping track of which frames we've injected the bundle into, this logic is redundant.
* Add initial content script tests
* Add contextIsolation variants to content script tests
* Add set include
* Fix already loaded extension error
* Add tests for content scripts 'run_at' options
* Catch script injection eval error when CSP forbids it
This can occur in a rendered sandbox when a CSP is enabled. We'll need to switch to using isolated worlds to fix this.
* Fix content script tests not properly cleaning up extensions
* Fix lint and type errors
`powerMonitor.querySystemIdleState` and `powerMonitor.querySystemIdleTime` had async backing APIs in chromium (https://chromium-review.googlesource.com/c/chromium/src/+/1379183). However, that has changed in ch73. So, this PR deprecates the old async APIs and adds new sync APIs.
* refactor: Port inspector to TypeScript
* refactor: Add another type to inspector
* refactor: Use correct paths
* Update lib/renderer/inspector.ts
Co-Authored-By: felixrieseberg <felix@felixrieseberg.com>
* refactor: Implement feedback <3
* refactor: Don't define blob at all
* fix: Correct type
* refactor: Port renderer/init to TypeScript
* Update lib/renderer/init.ts
Co-Authored-By: felixrieseberg <felix@felixrieseberg.com>
* refactor: Type this a bit more loosely
* refactor: Type parseOption strictly
* refactor: Port security-warnings to TypeScript
* chore: make aliasify work on .ts files as well
* refactor: Implement feedback <3
* refactor: Correctly call executeJavaScript
* chore: make aliasify work on .ts files as well
* refactor: Port ipc-renderer-internal to TypeScript
* refactor: Correctly import internal ipcRenderer
* refactor: One more rename
* refactor: Fix one more lint issue
* refactor: Correctly reference ipcRendererInternal
* chore: refactor browser IPC into typescript
* chore: refactor app.ts into Typescript
* Refactors app.dock into cpp
* Removes app.launcher which has not existed for 3 years
* Removes 2 deprecated APIs (that have been deprecated for more than one
major)
* Refactors deprecate.ts as well
* feat: promisify webContents.savePage()
* no need to make compatible w callbacks, we're breaking it
* fix promise resolve type
* address feedback from review
* fix promise return text
* update smoke test
* refactor: Port window-setup to TS
* refactor: Make the linter happy
* refactor: Sneaky little TS error
* refactor: Correctly import window-setup
* refactor: Implement feedback <3
* refactor: Allow decorators in TS
* refactor: Use named windowSetup in isolatedRenderer
* refactor: Help TS understand
* refactor: Welp, use createEvent again
* refactor: Use the correct target in the decorator
* fix: pass result to chrome.tabs.executeScript callback
Additionally, remove `nextId` counter in favor of `originResultID` counter which is more widely used in this file.
* fix: remove need for eslint override and better match style
* chore: Add new webFrame IsolatedWorldInfo API and deprecate
* Flag deprecated methods in documentation
* address comments
* Address review comments
* remove unused variable
* Update based on review
* fix: do not create native api::WebFrame in webFrame
When reloading a page without restarting renderer process (for example
sandbox mode), the blink::WebFrame is not destroyed, but api::WebFrame
is always recreated for the new page context. This leaves a leak of
api::WebFrame.
* fix: remove spell checker when page context is released
This PR better preserves existing behavior in `deprecate.promisify()` in the cases where the promise fails. Previously, if a callback was only called with `data` instead of `err, data` and the promise was rejected, `data` would be populated with `err`, which could be confusing to users. This makes it such that `err` is called back on promise rejection if a callback is called with `err, data` a la Node.js.
* feat: promisify the Cookie API
* chore: update specs to test promisified cookies
* chore: add deprecate wrapper for cookie callback API
* docs: update docs to cookie promise changes
* chore: remove redundant namespace use
* docs: improve cookie example
* docs: restore docs for cookie callback API
* chore: restore cookie callback tests
* fix: syntax of cookie promise return types
* feat: add support for node / preloads in subframes
This feature has delibrately been built / implemented in such a way
that it has minimum impact on existing apps / code-paths.
Without enabling the new "nodeSupportInSubFrames" option basically none of this
new code will be hit.
The things that I believe need extra scrutiny are:
* Introduction of `event.reply` for IPC events and usage of `event.reply` instead of `event.sender.send()`
* Usage of `node::FreeEnvironment(env)` when the new option is enabled in order to avoid memory leaks. I have tested this quite a bit and haven't managed to cause a crash but it is still feature flagged behind the "nodeSupportInSubFrames" flag to avoid potential impact.
Closes#10569Closes#10401Closes#11868Closes#12505Closes#14035
* feat: add support preloads in subframes for sandboxed renderers
* spec: add tests for new nodeSupportInSubFrames option
* spec: fix specs for .reply and ._replyInternal for internal messages
* chore: revert change to use flag instead of environment set size
* chore: clean up subframe impl
* chore: apply suggestions from code review
Co-Authored-By: MarshallOfSound <samuel.r.attard@gmail.com>
* chore: clean up reply usage
* chore: fix TS docs generation
* chore: cleanup after rebase
* chore: rename wrap to add in event fns
Unify the behavior between default app and packaged apps:
- create default application menu unless the app has one
- default window-all-closed handling unless the app handles the event
* fix: use Chromium's determined new site instance as candidate when navigating.
When navigating to a new address, consider using Chromium's determined site instance
for the new page as it should belong to an existing browsing instance when the
navigation was triggered by window.open().
fixes 8100.
* Revert "fix: use Chromium's determined new site instance as candidate when navigating."
This reverts commit eb95f935654a2c4d4457821297670836c10fdfd5.
* fix: delegate site instance creation back to content when sandboxed.
* fix: ensure site isolation is on
* test: adapt ut for cross-site navigation
* fix: register pending processes during a navigation.
* refactor: dont call loadURL for a window constructed from an existing webContents.
* test: add sandboxed affinity UT's.
* fix: check affinity before deciding if to force a new site instance.
* chore: adapt subsequent patch.
* refactor: constify logically const methods.
* fix: do not reuse site instances when navigation redirects cross-site.
* test: ensure localStorage accessible after x-site redirect.
* test: adapt localStorage acess denied UT for site isolation.
* fix: do not send render-view-deleted for speculative frames.
* chore: amend tests after rebase.
* test: add ut for webContents' render-view-deleted emission
* fix: introduce current-render-view-deleted for current RVH's deletions.
Revert render-view-deleted to being emitted with any RVH's deletion.
current-render-view-deleted is emitted only when the RVH being deleted
is the current one.
* refactor: style and comments fixed.
* feat: add registerAccelerator flag to allow menu items to skip registration
* docs: add docs for registerAccelerator
* docs: re-add accidentally removed line
With mixed sandbox enabled we need to load the chrome.* APIs in the
sandbox init.js so that chrome extensions load correctly.
This mirrors the equivilant impl in `atom_renderer_client.cc`
Fixes#15561
Extend the existing win.setBounds functionality by allowing developers to partially update bounds without being forced to pass in all four bounds values. No existing functionality is altere
* refactor: remove -new-contents-created event
Chromium expects us to take ownership of WebContents in AddNewContents,
we should not create V8 wrapper in WebContentsCreated, otherwise we
would have WebContents being managed by 2 unique_ptr at the same time.
* refactor: make CreateAndTake take unique_ptr
* Fix loading of devtools extensions on startup
The persisted DevTools Extensions were not being loaded correctly at startup. The `addDevToolsExtension` function was not defined when it was being called. An error was being thrown and ignored, so the whole thing would fail silently. I moved the code to load the extensions to the end of the event handler, so now it works.
* fixup: remove trailing spaces to unblock CI
* fixup: add logging when the Electron Enable Logging env var is set
* Fix linter error on undefined srcDirectory
* fixup: catch exception when loading extension
* Revert "fixup: catch exception when loading extension"
This reverts commit 42c2cf95bcaab8abfc5fbecbe4365d3adfe36d5b.
* remove printing related things from chromium_src
* chore: add printing build flag and patch
* fix: include PrintingService on other platforms too
* fix: printing_handler is only needed on Windows
* fix: format BUILD.gn properly
* fix: rename printing build flag to avoid conflict with chromium
* fix: place previously missed printing calls behind build flag
* fix: accidentally renamed flag in patch file
* fix: don't include all printing strings
* fix: allow ShowItemInFolder and OpenItem to block, fixing a DCHECK crash
* fix: make things compile, some changes got lost while rebasing
* fix: remove rogue line from BUILD.gn
* chore: update patch description
* style: lint fix
* chore: use chromium printing buildflag, move node related stuff out of patch
* revert: remove ScopedAllowBlockingForTesting call
* fix: fix my rebase blooper
* fix: re-add header lost during rebase, update patch
* fix: add <map> include, tweak the patch a bit
* revert: remove rogue diff from patch
* fix: clean up after rebase