* Execute content script in isolated world
* Inject script into newly created extension worlds
* Create new content_script_bundle for extension scripts
* Initialize chrome API in content script bundle
* Define Chrome extension isolated world ID range
1 << 20 was chosen as it provides a sufficiently large range of IDs for extensions, but also provides a large enough buffer for any user worlds in [1000, 1 << 20).
Ultimately this range can be changed if any user application raises it as an issue.
* Insert content script CSS into document
This now avoids a script wrapper to inject the style sheet. This closely matches the code used by chromium in `ScriptInjection::InjectCss`.
* Pass extension ID to isolated world via v8 private
* feat: add support for content scripts 'all_frames' option
* merged content script tests
'all_frames' test now runs on all variants of sandbox/contentIsolation configurations :D
* refactor: load electron builtin modules with process._linkedBinding
NODE_BUILTING_MODULE_CONTEXT_AWARE and process.binding are
removed in https://github.com/nodejs/node/pull/25829. This changes
uses the alternative available without any functionality change.
* chore: roll node
* Add content script injector to sandboxed renderer
* Fix 'getRenderProcessPreferences' binding to the wrong object
* Pass getRenderProcessPreferences to content-scripts-injector
* Emit document-start and document-end events in sandboxed renderer
* Use GetContext from RendererClientBase
* Prevent script context crash caused by lazily initialization
* Remove frame filtering logic for onExit callback
Since we're keeping track of which frames we've injected the bundle into, this logic is redundant.
* Add initial content script tests
* Add contextIsolation variants to content script tests
* Add set include
* Fix already loaded extension error
* Add tests for content scripts 'run_at' options
* Catch script injection eval error when CSP forbids it
This can occur in a rendered sandbox when a CSP is enabled. We'll need to switch to using isolated worlds to fix this.
* Fix content script tests not properly cleaning up extensions
* Fix lint and type errors
`powerMonitor.querySystemIdleState` and `powerMonitor.querySystemIdleTime` had async backing APIs in chromium (https://chromium-review.googlesource.com/c/chromium/src/+/1379183). However, that has changed in ch73. So, this PR deprecates the old async APIs and adds new sync APIs.
* refactor: Port inspector to TypeScript
* refactor: Add another type to inspector
* refactor: Use correct paths
* Update lib/renderer/inspector.ts
Co-Authored-By: felixrieseberg <felix@felixrieseberg.com>
* refactor: Implement feedback <3
* refactor: Don't define blob at all
* fix: Correct type
* refactor: Port renderer/init to TypeScript
* Update lib/renderer/init.ts
Co-Authored-By: felixrieseberg <felix@felixrieseberg.com>
* refactor: Type this a bit more loosely
* refactor: Type parseOption strictly
* refactor: Port security-warnings to TypeScript
* chore: make aliasify work on .ts files as well
* refactor: Implement feedback <3
* refactor: Correctly call executeJavaScript
* chore: make aliasify work on .ts files as well
* refactor: Port ipc-renderer-internal to TypeScript
* refactor: Correctly import internal ipcRenderer
* refactor: One more rename
* refactor: Fix one more lint issue
* refactor: Correctly reference ipcRendererInternal
* chore: refactor browser IPC into typescript
* chore: refactor app.ts into Typescript
* Refactors app.dock into cpp
* Removes app.launcher which has not existed for 3 years
* Removes 2 deprecated APIs (that have been deprecated for more than one
major)
* Refactors deprecate.ts as well
* feat: promisify webContents.savePage()
* no need to make compatible w callbacks, we're breaking it
* fix promise resolve type
* address feedback from review
* fix promise return text
* update smoke test
* refactor: Port window-setup to TS
* refactor: Make the linter happy
* refactor: Sneaky little TS error
* refactor: Correctly import window-setup
* refactor: Implement feedback <3
* refactor: Allow decorators in TS
* refactor: Use named windowSetup in isolatedRenderer
* refactor: Help TS understand
* refactor: Welp, use createEvent again
* refactor: Use the correct target in the decorator
* fix: pass result to chrome.tabs.executeScript callback
Additionally, remove `nextId` counter in favor of `originResultID` counter which is more widely used in this file.
* fix: remove need for eslint override and better match style
* chore: Add new webFrame IsolatedWorldInfo API and deprecate
* Flag deprecated methods in documentation
* address comments
* Address review comments
* remove unused variable
* Update based on review
* fix: do not create native api::WebFrame in webFrame
When reloading a page without restarting renderer process (for example
sandbox mode), the blink::WebFrame is not destroyed, but api::WebFrame
is always recreated for the new page context. This leaves a leak of
api::WebFrame.
* fix: remove spell checker when page context is released
This PR better preserves existing behavior in `deprecate.promisify()` in the cases where the promise fails. Previously, if a callback was only called with `data` instead of `err, data` and the promise was rejected, `data` would be populated with `err`, which could be confusing to users. This makes it such that `err` is called back on promise rejection if a callback is called with `err, data` a la Node.js.
* feat: promisify the Cookie API
* chore: update specs to test promisified cookies
* chore: add deprecate wrapper for cookie callback API
* docs: update docs to cookie promise changes
* chore: remove redundant namespace use
* docs: improve cookie example
* docs: restore docs for cookie callback API
* chore: restore cookie callback tests
* fix: syntax of cookie promise return types
* feat: add support for node / preloads in subframes
This feature has delibrately been built / implemented in such a way
that it has minimum impact on existing apps / code-paths.
Without enabling the new "nodeSupportInSubFrames" option basically none of this
new code will be hit.
The things that I believe need extra scrutiny are:
* Introduction of `event.reply` for IPC events and usage of `event.reply` instead of `event.sender.send()`
* Usage of `node::FreeEnvironment(env)` when the new option is enabled in order to avoid memory leaks. I have tested this quite a bit and haven't managed to cause a crash but it is still feature flagged behind the "nodeSupportInSubFrames" flag to avoid potential impact.
Closes#10569Closes#10401Closes#11868Closes#12505Closes#14035
* feat: add support preloads in subframes for sandboxed renderers
* spec: add tests for new nodeSupportInSubFrames option
* spec: fix specs for .reply and ._replyInternal for internal messages
* chore: revert change to use flag instead of environment set size
* chore: clean up subframe impl
* chore: apply suggestions from code review
Co-Authored-By: MarshallOfSound <samuel.r.attard@gmail.com>
* chore: clean up reply usage
* chore: fix TS docs generation
* chore: cleanup after rebase
* chore: rename wrap to add in event fns
Unify the behavior between default app and packaged apps:
- create default application menu unless the app has one
- default window-all-closed handling unless the app handles the event
* fix: use Chromium's determined new site instance as candidate when navigating.
When navigating to a new address, consider using Chromium's determined site instance
for the new page as it should belong to an existing browsing instance when the
navigation was triggered by window.open().
fixes 8100.
* Revert "fix: use Chromium's determined new site instance as candidate when navigating."
This reverts commit eb95f935654a2c4d4457821297670836c10fdfd5.
* fix: delegate site instance creation back to content when sandboxed.
* fix: ensure site isolation is on
* test: adapt ut for cross-site navigation
* fix: register pending processes during a navigation.
* refactor: dont call loadURL for a window constructed from an existing webContents.
* test: add sandboxed affinity UT's.
* fix: check affinity before deciding if to force a new site instance.
* chore: adapt subsequent patch.
* refactor: constify logically const methods.
* fix: do not reuse site instances when navigation redirects cross-site.
* test: ensure localStorage accessible after x-site redirect.
* test: adapt localStorage acess denied UT for site isolation.
* fix: do not send render-view-deleted for speculative frames.
* chore: amend tests after rebase.
* test: add ut for webContents' render-view-deleted emission
* fix: introduce current-render-view-deleted for current RVH's deletions.
Revert render-view-deleted to being emitted with any RVH's deletion.
current-render-view-deleted is emitted only when the RVH being deleted
is the current one.
* refactor: style and comments fixed.
* feat: add registerAccelerator flag to allow menu items to skip registration
* docs: add docs for registerAccelerator
* docs: re-add accidentally removed line
With mixed sandbox enabled we need to load the chrome.* APIs in the
sandbox init.js so that chrome extensions load correctly.
This mirrors the equivilant impl in `atom_renderer_client.cc`
Fixes#15561
Extend the existing win.setBounds functionality by allowing developers to partially update bounds without being forced to pass in all four bounds values. No existing functionality is altere
* refactor: remove -new-contents-created event
Chromium expects us to take ownership of WebContents in AddNewContents,
we should not create V8 wrapper in WebContentsCreated, otherwise we
would have WebContents being managed by 2 unique_ptr at the same time.
* refactor: make CreateAndTake take unique_ptr
* Fix loading of devtools extensions on startup
The persisted DevTools Extensions were not being loaded correctly at startup. The `addDevToolsExtension` function was not defined when it was being called. An error was being thrown and ignored, so the whole thing would fail silently. I moved the code to load the extensions to the end of the event handler, so now it works.
* fixup: remove trailing spaces to unblock CI
* fixup: add logging when the Electron Enable Logging env var is set
* Fix linter error on undefined srcDirectory
* fixup: catch exception when loading extension
* Revert "fixup: catch exception when loading extension"
This reverts commit 42c2cf95bcaab8abfc5fbecbe4365d3adfe36d5b.
* remove printing related things from chromium_src
* chore: add printing build flag and patch
* fix: include PrintingService on other platforms too
* fix: printing_handler is only needed on Windows
* fix: format BUILD.gn properly
* fix: rename printing build flag to avoid conflict with chromium
* fix: place previously missed printing calls behind build flag
* fix: accidentally renamed flag in patch file
* fix: don't include all printing strings
* fix: allow ShowItemInFolder and OpenItem to block, fixing a DCHECK crash
* fix: make things compile, some changes got lost while rebasing
* fix: remove rogue line from BUILD.gn
* chore: update patch description
* style: lint fix
* chore: use chromium printing buildflag, move node related stuff out of patch
* revert: remove ScopedAllowBlockingForTesting call
* fix: fix my rebase blooper
* fix: re-add header lost during rebase, update patch
* fix: add <map> include, tweak the patch a bit
* revert: remove rogue diff from patch
* fix: clean up after rebase
* [ci skip] refactor: create request context from network context
* [ci skip] refactor: subscribe to mojo cookiemanager for cookie changes
* [ci skip] refactor: manage the lifetime of custom URLRequestJobFactory
* refactor: use OOP mojo proxy resolver
* revert: add support for kIgnoreCertificateErrorsSPKIList
* build: provide service manifest overlays for content services
* chore: gn format
* fix: log-net-log switch not working as expected
* spec: verify proxy settings are respected from pac script with session.setProxy
* chore: use chrome constants where possible
* fix: initialize request context for global cert fetcher
* refactor: fix destruction of request context getters
* spec: use custom session for proxy tests
* fix: queue up additional stop callbacks while net log is being stopped
* fix: Add CHECK for cookie manager retrieval
* chore: add helper to retrieve logging state for net log module
* fix: ui::ResourceBundle::GetRawDataResourceForScale => GetRawDataResource
* style: comment unused parameters
* build: move //components/certificate_transparency deps from //brightray
* chore: update gritsettings_resource_ids patch
* chore: update api for chromium 68
* fix: net log instance is now a property of session
* Disable nodeIntegration
* Enable contextIsolation
* Re-implement the CSP security check to handle running in
contextIsolation
* Disable bad DCHECKS for the promise helper
* Remove the unused "-d" flag for the electron binary
* Added a way to hide the default help output for electron devs who
don't want to see it every time
* perf: use an internal module resolver instead of relative requires
* perf: memoize the results of getting exported Electron properties
* perf: make internal module changes consistent across sandboxed / bundled files
* chore: replace standard with eslint-config-standard
This adds support for --cache so linting JS only takes ~1 second and only lints things that changed
It also allows us to add custom linting rules
* chore: add eslint-plugin-mocha and enable the no-exclusive-tests rule
This will block anyone from pushing / merging a `.only` test or describe
* remove obsolete tests
* remove unused deprecate API
* make a warnOnce helper for the deprecate methods
* misc. copyediting, e.g. variable names, whitespace
* test that any deprecation warns once at most
* use strict
* fix: use render client id to track deleted render process hosts
Instead of relying on OS process id, which may not be unique
when a process is reused, we rely on the renderer client id
passed by the content layer when starting the renderer process
which is guaranteed to be unique for the lifetime of the app.
* fix: store context id as int64_t
Ensuring that it doesn't wrap easily with a large number
of context creation on some malformed web pages.
* chore: reformat code
* refactor: getOrCreateArchive() for ASARs
- store cached archive in a Map
- return `null` instead of `false` on failures
* refactor: splitPath() for ASARs
- store custom extension in a constant
- remove magic numbers
- add comments
* refactor: explicitly use assert() for a developer error
* chore: remove console.log() calls
* refactor: replace "p" arguments with "pathArgument"
"path" would be a better name, but it is already taken
but the "path" Node module.
* refactor: createError() for ASARs
- return an `Error` instance
- use enum for error types
- minor improvements
* refactor: use more meaningful name for an arg than just "arg"
* feat: deprecate default value of nodeIntegration
* Use DeprecationStatus::Stable as the default instead of shadowing
* change wording of deprecations
* chore: also deprecate kWebviewTag and kContextIsolation
* chore: do as we preach, lets be secure-by-default in the default app
RenderProcessHost switch can happen between ipc calls when
speculative process are invvolved, which will lead to deletion
of entries on current context. Use OS process handles to
uniquely associate a destruction handler for a render process.
* fix: use OOIF for webview tag
* fix: do not call GetNativeView for webview
* fix: OOIPF webview's WebContents is managed by embedder frame
* fix: guest view can not be focused
* fix: clear zoom controller when guest is destroyed
* fix: implement the webview resize event
The webview is no longer a browser plugin with the resize event, use
ResizeObserver instead.
* test: disable failed tests due to OOPIF webview
* fix: embedder can be destroyed earlier than guest
This happens when embedder is manually destroyed.
* fix: don't double attach
* fix: recreate iframe when webview is reattached
* fix: resize event may happen very early
* test: some tests are working after OOPIF webview
* chore: remove unused browser plugin webview code
* fix: get embedder via closure
When the "destroyed" event is emitted, the entry in guestInstances would be
cleared.
* chore: rename browserPluginNode to internalElement
* test: make the visibilityState test more robust
* chore: guestinstance can not work with OOPIF webview
* fix: element could be detached before got response from browser
After after using `processId-contextCounter` as contextId, it may happen
that contexts in different WebContents sharing the same renderer process
get the same contextId. Using webContentsId as part of key in
ObjectsRegistry can fix this.
Replaces 'did-finish-load' with 'did-stop-loading' which semantically
maps to the events inside Chromium. Before I think we were relying
on a natural 99% winnable race condition.
Fixes#13504