* Add content script injector to sandboxed renderer
* Fix 'getRenderProcessPreferences' binding to the wrong object
* Pass getRenderProcessPreferences to content-scripts-injector
* Emit document-start and document-end events in sandboxed renderer
* Use GetContext from RendererClientBase
* Prevent script context crash caused by lazily initialization
* Remove frame filtering logic for onExit callback
Since we're keeping track of which frames we've injected the bundle into, this logic is redundant.
* Add initial content script tests
* Add contextIsolation variants to content script tests
* Add set include
* Fix already loaded extension error
* Add tests for content scripts 'run_at' options
* Catch script injection eval error when CSP forbids it
This can occur in a rendered sandbox when a CSP is enabled. We'll need to switch to using isolated worlds to fix this.
* Fix content script tests not properly cleaning up extensions
* Fix lint and type errors
* refactor: Port security-warnings to TypeScript
* chore: make aliasify work on .ts files as well
* refactor: Implement feedback <3
* refactor: Correctly call executeJavaScript
* chore: make aliasify work on .ts files as well
* refactor: Port ipc-renderer-internal to TypeScript
* refactor: Correctly import internal ipcRenderer
* refactor: One more rename
* refactor: Fix one more lint issue
* refactor: Correctly reference ipcRendererInternal
* chore: refactor browser IPC into typescript
* chore: refactor app.ts into Typescript
* Refactors app.dock into cpp
* Removes app.launcher which has not existed for 3 years
* Removes 2 deprecated APIs (that have been deprecated for more than one
major)
* Refactors deprecate.ts as well
With mixed sandbox enabled we need to load the chrome.* APIs in the
sandbox init.js so that chrome extensions load correctly.
This mirrors the equivilant impl in `atom_renderer_client.cc`
Fixes#15561
* perf: use an internal module resolver instead of relative requires
* perf: memoize the results of getting exported Electron properties
* perf: make internal module changes consistent across sandboxed / bundled files
* Make it possible to disable a module for a renderer
* Put DesktopCapturer API under a build flag
The name is "enable_desktop_capturer".
Enabled by default.
Use a single synchronous IPC call to retrieve data required by early
sandbox scripts. This has two purposes:
- Optimize preload script initialization by:
- Using one synchronous IPC call to retrieve preload script,
webContentsId (more on that later), process.{platform,execPath,env}
- Lazy loading as many modules as possible.
- Fix#12316 for sandbox. @MarshallOfSound addressed the issue in
#12342, but it was still present in sandbox mode. By loading
webContentsId very early and skipping remote module at early
startup, we fix it for sandbox.
- Use `path` module from browser process in sandboxed renderer. This is required
because the return value of `path.join` is platform-specific, and this is an
assumtion of crash-reporter.js which is shared between sandboxed and
non-sandboxed renderers.
- Set `process.platform` and `process.execPath` in sandboxed renderer
environment. This is required to spawn the windows crash service from
sandboxed renderer.
- Use a single temporary directory for all crashReporter tests. This is required
to make tests more deterministic across platforms(since mac's crashpad doesn't
support changing the crash dump directory). Also make a few improvements/fixes
to the `uploadToServer` test.
- Expose remote shortcuts for the `fs`, `os` and `child_process` modules.
- Expose the `url` and `timers` modules(the browserify versions)
- Add `process.crash` and `process.platform`
In sandboxed renderers we use browserify to provide a node-like environment. The
Buffer class used by browserify is actually just a wrapper around Uint8Array,
but to deserialize Buffer correctly we must expose the class as a hidden value
and use it in V8ValueConverter.
Instead of having to list in filenames.gypi every javascript file that may go
into a browserify build, generate this list dynamically when the build files are
created by gyp.
This change gives sandboxed renderer scripts a similar structure to what already
exists in the lib/{browser,renderer,common} directories.
It also allows sandboxed renderer initialization to share more code with
non-sandboxed renderers (ipcRenderer is now imported directly from
lib/renderer/api/ipc-renderer).
- Adapt node.cc code that implements `process.binding` to create a similar
object in AtomSandboxedRendererClient.
- Replace the ipc binding object passed to `lib/sandboxed_renderer/init.js` by
the new binding object.
- Refactor the initialization script to use this new object to fetch the ipc
binding and store as a hidden value using the `v8_util` module.
This change also required applying a patch to node.js, so the submodule commit
was updated.
Add a gyp target that creates a browserify bundle starting with
`lib/sandboxed_renderer/init.js`, which is embedded into the executable using
the `atom_js2c` target.
The goal of this bundle is to provide a very basic environment for preload
scripts where a `require` function is available.
