* refactor: clean up webFrame implementation to use gin wrappers
The previous implementation of webFrame in the renderer process leaked
sub-frame contexts and global objects across the context boundaries thus
making it possible for apps to either maliciously or accidentally
violate the contextIsolation boundary.
This re-implementation binds all methods in native code directly to
content::RenderFrame instances instead of relying on JS to provide a
"window" with every method request. This is much more consistent with
the rest of the Electron codebase and is substantially safer.
* chore: un-re-order for ease of review
* chore: pass isolate around instead of ErrorThrower
* chore: fix rebase typo
* chore: remove unused variables
* initial commit, mac implementation
* add documentation
* convert createThumbnailFromPath to async function
* windows impl protoype
* add tests
* added test
* fix
* fix test
* clean up
* update docs
* cleaning up code
* fix test
* retrigger CI
* retrigger CI
* refactor from app to native_image
* windows build
* lint
* lint
* add smart pointers, fix test
* change tests and update docs
* fix test, remove nolint
* add renderer-main process routing to fix tests
* lint
* thanks sam
* thanks sam
* feat: add a new contextBridge module
* chore: fix docs linting
* feat: add support for function arguments being proxied
* chore: ensure that contextBridge can only be used when contextIsolation is enabled
* docs: getReverseBinding can be null
* docs: fix broken links in md file
* feat: add support for promises in function parameters
* fix: linting failure for explicit constructor
* Update atom_api_context_bridge.cc
* chore: update docs and API design as per feedback
* refactor: remove reverse bindings and handle GC'able functions across the bridge
* chore: only expose debugGC in testing builds
* fix: do not proxy promises as objects
* spec: add complete spec coverage for contextBridge
* spec: add tests for null/undefined and the anti-overwrite logic
* chore: fix linting
* spec: add complex nested back-and-forth function calling
* fix: expose contextBridge in sandboxed renderers
* refactor: improve security of default_app using the new contextBridge module
* s/bindAPIInMainWorld/exposeInMainWorld
* chore: sorry for this commit, its a big one, I fixed like everything and refactored a lot
* chore: remove PassedValueCache as it is unused now
Values transferred from context A to context B are now cachde in the RenderFramePersistenceStore
* chore: move to anonymous namespace
* refactor: remove PassValueToOtherContextWithCache
* chore: remove commented unused code blocks
* chore: remove .only
* chore: remote commented code
* refactor: extract RenderFramePersistenceStore
* spec: ensure it works with numbered keys
* fix: handle number keys correctly
* fix: sort out the linter
* spec: update default_app asar spec for removed file
* refactor: change signatures to return v8 objects directly rather than the mate dictionary handle
* refactor: use the v8 serializer to support cloneable buffers and other object types
* chore: fix linting
* fix: handle hash collisions with a linked list in the map
* fix: enforce a recursion limit on the context bridge
* chore: fix linting
* chore: remove TODO
* chore: adapt for PR feedback
* chore: remove .only
* chore: clean up docs and clean up the proxy map when objects are released
* chore: ensure we cache object values that are cloned through the V8 serializer
* refactor: bundle the browser and renderer process electron code
* Bundles browser/init and renderer/init
* Improves load performance of main process by ~40%
* Improves load performance of renderer process by ~30%
* Prevents users from importing our "requiring" our internal logic such
as ipc-main-internal. This makes those message buses safer as they are
less accessible, there is still some more work to be done though to lock
down those buses completely.
* The electron.asar file now only contains 2 files, as a future
improvement maybe we can use atom_natives to ship these two files
embedded in the binary
* This also removes our dependency on browserify which had some strange
edge cases that caused us to have to hack around require-order and
stopped us using certain ES6/7 features we should have been able to use
(async / await in some files in the sandboxed renderer init script)
TLDR: Things are faster and better :)
* fix: I really do not want to talk about it
* chore: add performance improvements from debugging
* fix: resolve the provided path so webpack thinks it is absolute
* chore: fixup per PR review
* fix: use webpacks ProvidePlugin to keep global, process and Buffer alive after deletion from global scope for use in internal code
* fix: bundle worker/init as well to make node-in-workers work
* chore: update wording as per feedback
* chore: make the timers hack work when yarn is not used
* refactor: use mojo for electron internal IPC
* add sender_id, drop MessageSync
* remove usages of AtomFrameMsg_Message
* iwyu
* first draft of renderer->browser direction
* refactor to reuse a single ipc interface
* implement TakeHeapSnapshot through mojo
* the rest of the owl^WtakeHeapSnapshot mojofication
* remove no-op overrides in AtomRendererClient
* delete renderer-side ElectronApiServiceImpl when its pipe is destroyed
* looks like we don't need to overlay the renderer manifest after all
* don't try to send 2 replies to a sync rpc
* undo changes to manifests.cc
* unify sandboxed + unsandboxed ipc events
* lint
* register ElectronBrowser mojo service on devtools WebContents
* fix takeHeapSnapshopt failure paths
* {electron_api => atom}::mojom
* add send_to_all to ElectronRenderer::Message
* keep interface alive until callback is called
* review comments
* use GetContext from RendererClientBase
* robustify a test that uses window.open
* MessageSync posts a task to put sync messages in the same queue as async ones
* add v8::MicrotasksScope and node::CallbackScope
* iwyu
* use weakptr to api::WebContents instead of Unretained
* make MessageSync an asynchronous message & use non-associated interface
* iwyu + comments
* remove unused WeakPtrFactory
* inline OnRendererMessage[Sync]
* cleanups & comments
* use helper methods instead of inline lambdas
* remove unneeded async in test
* add mojo to manifests deps
* add gn check for //electron/manifests and mojo
* don't register renderer side service until preload has been run
* update gn check targets list
* move interface registration back to RenderFrameCreated
* Add content script injector to sandboxed renderer
* Fix 'getRenderProcessPreferences' binding to the wrong object
* Pass getRenderProcessPreferences to content-scripts-injector
* Emit document-start and document-end events in sandboxed renderer
* Use GetContext from RendererClientBase
* Prevent script context crash caused by lazily initialization
* Remove frame filtering logic for onExit callback
Since we're keeping track of which frames we've injected the bundle into, this logic is redundant.
* Add initial content script tests
* Add contextIsolation variants to content script tests
* Add set include
* Fix already loaded extension error
* Add tests for content scripts 'run_at' options
* Catch script injection eval error when CSP forbids it
This can occur in a rendered sandbox when a CSP is enabled. We'll need to switch to using isolated worlds to fix this.
* Fix content script tests not properly cleaning up extensions
* Fix lint and type errors
