Commit graph

312 commits

Author SHA1 Message Date
Samuel Attard
795447f61a Implement dialog (alert/confirm) blocking as a user switch after the first dialog
* This is to enable more browser-like behavior so that users who run third-party code
  will not be DOS'ed with alerts and confirms.  This is already handled like this
  in most major browsers so this will greatly help these developers
2018-03-06 11:19:15 +09:00
John Kleinschmidt
2a97e48465
Merge pull request #11968 from electron/refactor-menu-popup
Refactor menu.popup
2018-02-21 14:29:52 -05:00
Charles Kerr
708f39a1a5 update a few menu.popup() calls to use the new API 2018-02-20 14:02:24 -06:00
Shelley Vohr
211b542ae4
remove setZoomLevelLimits 2018-02-20 08:57:48 -05:00
Felix Rieseberg
d586ef2f39 feature: Hot security tips (#11810)
* 🔧 Add security issue detection (and logs)

* 🔧 Check for it on load

* 👷 Add some tests

* 👷 Make the linter happy

* 🔧 Allow them to be enabled by force

* 📝 Make message slightly prettier

* 🔧 Fix a typo in the code comment

* 🔧 Classic mistake

* 🚀 Optimize things a bit more

* 👷 Add tests, fix tests

* 📝 Document things

* 🔧 Make linter happy

* 🔧 One more piece of cleanup
2018-02-03 07:50:12 -07:00
Shelley Vohr
b74304145e
createShadowRoot => attachShadow 2018-01-31 19:29:23 -05:00
Zhuo Lu
d45914c3f7 MenuItem roles camelCase-compatible 2017-12-28 13:28:20 +08:00
Cheng Zhao
cb3a9c69ab Add a SessionPreferences to manage session related data
By design the BrowserClient should not be aware of the api:: classes.
2017-12-05 15:59:15 +09:00
Samuel Attard
d9359d8b6c s/global/session in constants 2017-12-05 11:35:53 +09:00
Samuel Attard
d2707315e6 s/global/session 2017-12-05 11:35:53 +09:00
Samuel Attard
0ddd078aaf Add ability to set global preload scripts 2017-12-05 11:35:27 +09:00
Cheng Zhao
59476f0b30 Create webContents for webview even when src is not set 2017-12-01 10:35:23 +09:00
Felix Rieseberg
f7d6e3fa7b 🔧 Disable standard/no-callback-literal where necessary 2017-11-23 13:53:03 -08:00
Charles Kerr
5eb00e45aa
Merge pull request #11158 from electron/execute-errors
fix: Pass on errors thrown in `executeJavaScript`
2017-11-20 09:14:05 -06:00
Ronald Eddy
14c6e78147 Update electron.atom.io -> electronjs.org
Update electron.atom.io -> electronjs.org to reduce redirects and speed navigation.
2017-11-19 04:01:33 -08:00
Felix Rieseberg
1dea186a6e :thinking_face: What if you could return an Error? 2017-11-18 00:50:53 -08:00
Shelley Vohr
8736a41cfb
Merge pull request #10909 from electron/update_remote
Simplify and remove excess code from remote module
2017-11-03 09:16:28 -04:00
Shelley Vohr
803fa35484
fix null value check 2017-11-03 08:47:21 -04:00
Shelley Vohr
2b2c7d7f9f
fix object serialization test issue 2017-11-02 21:29:17 -04:00
Shelley Vohr
5c318932c2
add some structural changes 2017-11-02 21:07:40 -04:00
Charles Kerr
1c09dede1a singletons that are retroactively turned into EventEmitters should call the EventEmitter ctor 2017-11-01 23:05:27 -05:00
John Kleinschmidt
beb06c0787 Merge pull request #10537 from qazbnm456/improve-content_scripts.css
[Security] Use textContent instead innerHTML to remediate DOM based XSS
2017-10-26 11:51:43 -04:00
Shelley Vohr
5f6f117bad
changes from review 2017-10-25 23:41:11 -04:00
Shelley Vohr
d4880b135a
revert ipc lookup table 2017-10-25 15:36:16 -04:00
Shelley Vohr
c0f2a7b44a
fix standard issues 2017-10-25 09:56:02 -04:00
Shelley Vohr
f129622446
clean up remote 2017-10-25 09:51:21 -04:00
Shelley Vohr
7593bec687
update reviewed items 2017-10-24 19:36:06 -04:00
Shelley Vohr
b58ceae69c
appease linter gods 2017-10-24 12:28:15 -04:00
Shelley Vohr
43e118fe45
update desktop capturer and remove unnessary vars 2017-10-24 12:01:51 -04:00
Felix Rieseberg
2bd8877be3 🔧 String comparison 2017-10-07 08:26:32 -07:00
Felix Rieseberg
63749e281d 🔧 Linters gotta lint 2017-10-06 13:36:54 -07:00
Felix Rieseberg
11ac780caf 🔧 Add security warning 2017-10-06 13:02:54 -07:00
Boik
16499358b3 fix lint 2017-09-17 14:09:12 +08:00
Boik
d86724f17a code improvement 2017-09-17 13:56:22 +08:00
Boik
26e6f2c46c use textContent instead innerHTML to remediateDOM based XSS vulnerbilities 2017-09-17 11:27:03 +08:00
Alexandre Lachèze
e1a232e7c8 Add support for css in content_scripts 2017-09-14 17:23:33 +09:00
Cheng Zhao
bd87982b5c Merge pull request #10075 from alexstrat/fix/fix-content_scripts-match
Fix content scripts matches
2017-07-24 15:27:55 +09:00
Cheng Zhao
25f168cecb Merge pull request #9951 from alexstrat/fix-chrome-storage
Fix chrome storage access scope
2017-07-24 14:01:15 +09:00
Alexandre Lachèze
a2ba4e0a6a fix content scripts matches 2017-07-20 20:01:49 +02:00
Alexandre Lachèze
498f344e2e Correct mkdir 2017-07-20 19:50:55 +02:00
Kevin Sawicki
553021bc9c Only assign opener when not using nativeWindowOpen 2017-07-17 11:55:15 -07:00
Alexandre Lachèze
ec8407c65d Recursively mkdir the parent directories 2017-07-11 00:56:45 +02:00
Alexandre Lachèze
c85f3cbd2c Change storage implementation to async 2017-07-11 00:35:53 +02:00
Alexandre Lachèze
9aac8967aa 👕 2017-07-10 23:56:44 +02:00
Alexandre Lachèze
969c74b886 Use es6 string templating 2017-07-10 23:50:59 +02:00
Alexandre Lachèze
73e8769b1f content_scripts[].matches use the URL without hash part 2017-07-07 04:14:36 +02:00
Alexandre Lachèze
ec10338364 Per-extension storage 2017-07-07 03:13:19 +02:00
Alexandre Lachèze
d2002ff3fc Use a file as Chrome Storage rather than localStorage 2017-07-07 03:06:53 +02:00
Birunthan Mohanathas
7d2226e05e Let Chromium manage document.visibilityState and document.hidden
Chromium already includes the necessary plumbing to manage the
visibility properties and `visibilitychange` event so this gets rid of
most of our custom logic for `BrowserWindow` and `BrowserView`.

Note that `webview` remains unchanged and is still affected by the issues
listed below.

User facing changes:

- The `document` visibility properties and `visibilitychange` event are
  now also updated/fired in response to occlusion changes on macOS. In
  other words, `document.visibilityState` will now be `hidden` on macOS
  if the window is occluded by another window.

- Previously, `visibilitychange` was also fired by *both* Electron and
  Chromium in some cases (e.g. when hiding the window). Now it is only
  fired by Chromium so you no longer get duplicate events.

- The visiblity state of `BrowserWindow`s created with `{ show: false }`
  is now initially `visible` until the window is shown and hidden.

- The visibility state of `BrowserWindow`s with `backgroundThrottling`
  disabled is now permanently `visible`.

This should also fix #6860 (but not for `webview`).
2017-06-06 15:16:01 -07:00
Kevin Sawicki
a285a3e64b Default webviewTag to false 2017-05-17 14:01:45 -07:00