import { expect } from 'chai' import { BrowserWindow, WebContents, session, ipcMain, app, protocol, webContents } from 'electron' import { emittedOnce } from './events-helpers' import { closeAllWindows } from './window-helpers' import * as https from 'https' import * as http from 'http' import * as path from 'path' import * as fs from 'fs' import * as url from 'url' import * as ChildProcess from 'child_process' import { EventEmitter } from 'events' import { promisify } from 'util' import { ifit, ifdescribe } from './spec-helpers' import { AddressInfo } from 'net' const features = process.electronBinding('features') const fixturesPath = path.resolve(__dirname, '..', 'spec', 'fixtures') describe('reporting api', () => { it('sends a report for a deprecation', async () => { const reports = new EventEmitter() // The Reporting API only works on https with valid certs. To dodge having // to set up a trusted certificate, hack the validator. session.defaultSession.setCertificateVerifyProc((req, cb) => { cb(0) }) const certPath = path.join(fixturesPath, 'certificates') const options = { key: fs.readFileSync(path.join(certPath, 'server.key')), cert: fs.readFileSync(path.join(certPath, 'server.pem')), ca: [ fs.readFileSync(path.join(certPath, 'rootCA.pem')), fs.readFileSync(path.join(certPath, 'intermediateCA.pem')) ], requestCert: true, rejectUnauthorized: false } const server = https.createServer(options, (req, res) => { if (req.url === '/report') { let data = '' req.on('data', (d) => { data += d.toString('utf-8') }) req.on('end', () => { reports.emit('report', JSON.parse(data)) }) } res.setHeader('Report-To', JSON.stringify({ group: 'default', max_age: 120, endpoints: [ { url: `https://localhost:${(server.address() as any).port}/report` } ] })) res.setHeader('Content-Type', 'text/html') // using the deprecated `webkitRequestAnimationFrame` will trigger a // "deprecation" report. res.end('') }) await new Promise(resolve => server.listen(0, '127.0.0.1', resolve)) const bw = new BrowserWindow({ show: false }) try { const reportGenerated = emittedOnce(reports, 'report') const url = `https://localhost:${(server.address() as any).port}/a` await bw.loadURL(url) const [report] = await reportGenerated expect(report).to.be.an('array') expect(report[0].type).to.equal('deprecation') expect(report[0].url).to.equal(url) expect(report[0].body.id).to.equal('PrefixedRequestAnimationFrame') } finally { bw.destroy() server.close() } }) }) describe('window.postMessage', () => { afterEach(async () => { await closeAllWindows() }) it('sets the source and origin correctly', async () => { const w = new BrowserWindow({ show: false, webPreferences: { nodeIntegration: true } }) w.loadURL(`file://${fixturesPath}/pages/window-open-postMessage-driver.html`) const [, message] = await emittedOnce(ipcMain, 'complete') expect(message.data).to.equal('testing') expect(message.origin).to.equal('file://') expect(message.sourceEqualsOpener).to.equal(true) expect(message.eventOrigin).to.equal('file://') }) }) describe('focus handling', () => { let webviewContents: WebContents = null as unknown as WebContents let w: BrowserWindow = null as unknown as BrowserWindow beforeEach(async () => { w = new BrowserWindow({ show: true, webPreferences: { nodeIntegration: true, webviewTag: true } }) const webviewReady = emittedOnce(w.webContents, 'did-attach-webview') await w.loadFile(path.join(fixturesPath, 'pages', 'tab-focus-loop-elements.html')) const [, wvContents] = await webviewReady webviewContents = wvContents await emittedOnce(webviewContents, 'did-finish-load') w.focus() }) afterEach(() => { webviewContents = null as unknown as WebContents w.destroy() w = null as unknown as BrowserWindow }) const expectFocusChange = async () => { const [, focusedElementId] = await emittedOnce(ipcMain, 'focus-changed') return focusedElementId } describe('a TAB press', () => { const tabPressEvent: any = { type: 'keyDown', keyCode: 'Tab' } it('moves focus to the next focusable item', async () => { let focusChange = expectFocusChange() w.webContents.sendInputEvent(tabPressEvent) let focusedElementId = await focusChange expect(focusedElementId).to.equal('BUTTON-element-1', `should start focused in element-1, it's instead in ${focusedElementId}`) focusChange = expectFocusChange() w.webContents.sendInputEvent(tabPressEvent) focusedElementId = await focusChange expect(focusedElementId).to.equal('BUTTON-element-2', `focus should've moved to element-2, it's instead in ${focusedElementId}`) focusChange = expectFocusChange() w.webContents.sendInputEvent(tabPressEvent) focusedElementId = await focusChange expect(focusedElementId).to.equal('BUTTON-wv-element-1', `focus should've moved to the webview's element-1, it's instead in ${focusedElementId}`) focusChange = expectFocusChange() webviewContents.sendInputEvent(tabPressEvent) focusedElementId = await focusChange expect(focusedElementId).to.equal('BUTTON-wv-element-2', `focus should've moved to the webview's element-2, it's instead in ${focusedElementId}`) focusChange = expectFocusChange() webviewContents.sendInputEvent(tabPressEvent) focusedElementId = await focusChange expect(focusedElementId).to.equal('BUTTON-element-3', `focus should've moved to element-3, it's instead in ${focusedElementId}`) focusChange = expectFocusChange() w.webContents.sendInputEvent(tabPressEvent) focusedElementId = await focusChange expect(focusedElementId).to.equal('BUTTON-element-1', `focus should've looped back to element-1, it's instead in ${focusedElementId}`) }) }) describe('a SHIFT + TAB press', () => { const shiftTabPressEvent: any = { type: 'keyDown', modifiers: ['Shift'], keyCode: 'Tab' } it('moves focus to the previous focusable item', async () => { let focusChange = expectFocusChange() w.webContents.sendInputEvent(shiftTabPressEvent) let focusedElementId = await focusChange expect(focusedElementId).to.equal('BUTTON-element-3', `should start focused in element-3, it's instead in ${focusedElementId}`) focusChange = expectFocusChange() w.webContents.sendInputEvent(shiftTabPressEvent) focusedElementId = await focusChange expect(focusedElementId).to.equal('BUTTON-wv-element-2', `focus should've moved to the webview's element-2, it's instead in ${focusedElementId}`) focusChange = expectFocusChange() webviewContents.sendInputEvent(shiftTabPressEvent) focusedElementId = await focusChange expect(focusedElementId).to.equal('BUTTON-wv-element-1', `focus should've moved to the webview's element-1, it's instead in ${focusedElementId}`) focusChange = expectFocusChange() webviewContents.sendInputEvent(shiftTabPressEvent) focusedElementId = await focusChange expect(focusedElementId).to.equal('BUTTON-element-2', `focus should've moved to element-2, it's instead in ${focusedElementId}`) focusChange = expectFocusChange() w.webContents.sendInputEvent(shiftTabPressEvent) focusedElementId = await focusChange expect(focusedElementId).to.equal('BUTTON-element-1', `focus should've moved to element-1, it's instead in ${focusedElementId}`) focusChange = expectFocusChange() w.webContents.sendInputEvent(shiftTabPressEvent) focusedElementId = await focusChange expect(focusedElementId).to.equal('BUTTON-element-3', `focus should've looped back to element-3, it's instead in ${focusedElementId}`) }) }) }) describe('web security', () => { afterEach(closeAllWindows) let server: http.Server let serverUrl: string before(async () => { server = http.createServer((req, res) => { res.setHeader('Content-Type', 'text/html') res.end('') }) await new Promise(resolve => server.listen(0, '127.0.0.1', resolve)) serverUrl = `http://localhost:${(server.address() as any).port}` }) after(() => { server.close() }) it('engages CORB when web security is not disabled', async () => { const w = new BrowserWindow({ show: true, webPreferences: { webSecurity: true, nodeIntegration: true } }) const p = emittedOnce(ipcMain, 'success') await w.loadURL(`data:text/html,`) await p }) it('bypasses CORB when web security is disabled', async () => { const w = new BrowserWindow({ show: true, webPreferences: { webSecurity: false, nodeIntegration: true } }) const p = emittedOnce(ipcMain, 'success') await w.loadURL(`data:text/html, `) await p }) }) describe('command line switches', () => { describe('--lang switch', () => { const currentLocale = app.getLocale() const testLocale = (locale: string, result: string, done: () => void) => { const appPath = path.join(fixturesPath, 'api', 'locale-check') const electronPath = process.execPath let output = '' const appProcess = ChildProcess.spawn(electronPath, [appPath, `--lang=${locale}`]) appProcess.stdout.on('data', (data) => { output += data }) appProcess.stdout.on('end', () => { output = output.replace(/(\r\n|\n|\r)/gm, '') expect(output).to.equal(result) done() }) } it('should set the locale', (done) => testLocale('fr', 'fr', done)) it('should not set an invalid locale', (done) => testLocale('asdfkl', currentLocale, done)) }) describe('--remote-debugging-port switch', () => { it('should display the discovery page', (done) => { const electronPath = process.execPath let output = '' const appProcess = ChildProcess.spawn(electronPath, [`--remote-debugging-port=`]) appProcess.stderr.on('data', (data) => { output += data const m = /DevTools listening on ws:\/\/127.0.0.1:(\d+)\//.exec(output) if (m) { appProcess.stderr.removeAllListeners('data') const port = m[1] http.get(`http://127.0.0.1:${port}`, (res) => { res.destroy() appProcess.kill() expect(res.statusCode).to.eql(200) expect(parseInt(res.headers['content-length']!)).to.be.greaterThan(0) done() }) } }) }) }) }) describe('chromium features', () => { afterEach(closeAllWindows) describe('accessing key names also used as Node.js module names', () => { it('does not crash', (done) => { const w = new BrowserWindow({ show: false }) w.webContents.once('did-finish-load', () => { done() }) w.webContents.once('crashed', () => done(new Error('WebContents crashed.'))) w.loadFile(path.join(fixturesPath, 'pages', 'external-string.html')) }) }) describe('loading jquery', () => { it('does not crash', (done) => { const w = new BrowserWindow({ show: false }) w.webContents.once('did-finish-load', () => { done() }) w.webContents.once('crashed', () => done(new Error('WebContents crashed.'))) w.loadFile(path.join(fixturesPath, 'pages', 'jquery.html')) }) }) describe('navigator.languages', () => { it('should return the system locale only', async () => { const appLocale = app.getLocale() const w = new BrowserWindow({ show: false }) await w.loadURL('about:blank') const languages = await w.webContents.executeJavaScript(`navigator.languages`) expect(languages).to.deep.equal([appLocale]) }) }) describe('navigator.serviceWorker', () => { it('should register for file scheme', (done) => { const w = new BrowserWindow({ show: false, webPreferences: { nodeIntegration: true, partition: 'sw-file-scheme-spec' } }) w.webContents.on('ipc-message', (event, channel, message) => { if (channel === 'reload') { w.webContents.reload() } else if (channel === 'error') { done(message) } else if (channel === 'response') { expect(message).to.equal('Hello from serviceWorker!') session.fromPartition('sw-file-scheme-spec').clearStorageData({ storages: ['serviceworkers'] }).then(() => done()) } }) w.webContents.on('crashed', () => done(new Error('WebContents crashed.'))) w.loadFile(path.join(fixturesPath, 'pages', 'service-worker', 'index.html')) }) it('should register for intercepted file scheme', (done) => { const customSession = session.fromPartition('intercept-file') customSession.protocol.interceptBufferProtocol('file', (request, callback) => { let file = url.parse(request.url).pathname! if (file[0] === '/' && process.platform === 'win32') file = file.slice(1) const content = fs.readFileSync(path.normalize(file)) const ext = path.extname(file) let type = 'text/html' if (ext === '.js') type = 'application/javascript' callback({ data: content, mimeType: type } as any) }, (error) => { if (error) done(error) }) const w = new BrowserWindow({ show: false, webPreferences: { nodeIntegration: true, session: customSession } }) w.webContents.on('ipc-message', (event, channel, message) => { if (channel === 'reload') { w.webContents.reload() } else if (channel === 'error') { done(`unexpected error : ${message}`) } else if (channel === 'response') { expect(message).to.equal('Hello from serviceWorker!') customSession.clearStorageData({ storages: ['serviceworkers'] }).then(() => { customSession.protocol.uninterceptProtocol('file', error => done(error)) }) } }) w.webContents.on('crashed', () => done(new Error('WebContents crashed.'))) w.loadFile(path.join(fixturesPath, 'pages', 'service-worker', 'index.html')) }) }) describe('navigator.geolocation', () => { before(function () { if (!features.isFakeLocationProviderEnabled()) { return this.skip() } }) it('returns error when permission is denied', (done) => { const w = new BrowserWindow({ show: false, webPreferences: { nodeIntegration: true, partition: 'geolocation-spec' } }) w.webContents.on('ipc-message', (event, channel) => { if (channel === 'success') { done() } else { done('unexpected response from geolocation api') } }) w.webContents.session.setPermissionRequestHandler((wc, permission, callback) => { if (permission === 'geolocation') { callback(false) } else { callback(true) } }) w.loadFile(path.join(fixturesPath, 'pages', 'geolocation', 'index.html')) }) }) describe('form submit', () => { let server: http.Server let serverUrl: string before(async () => { server = http.createServer((req, res) => { let body = '' req.on('data', (chunk) => { body += chunk }) res.setHeader('Content-Type', 'application/json') req.on('end', () => { res.end(`body:${body}`) }) }) await new Promise(resolve => server.listen(0, '127.0.0.1', resolve)) serverUrl = `http://localhost:${(server.address() as any).port}` }) after(async () => { server.close() await closeAllWindows() }); [true, false].forEach((isSandboxEnabled) => describe(`sandbox=${isSandboxEnabled}`, () => { it('posts data in the same window', () => { const w = new BrowserWindow({ show: false, webPreferences: { sandbox: isSandboxEnabled } }) return new Promise(async (resolve) => { await w.loadFile(path.join(fixturesPath, 'pages', 'form-with-data.html')) w.webContents.once('did-finish-load', async () => { const res = await w.webContents.executeJavaScript('document.body.innerText') expect(res).to.equal('body:greeting=hello') resolve() }) w.webContents.executeJavaScript(` const form = document.querySelector('form') form.action = '${serverUrl}'; form.submit(); `) }) }) it('posts data to a new window with target=_blank', () => { const w = new BrowserWindow({ show: false, webPreferences: { sandbox: isSandboxEnabled } }) return new Promise(async (resolve) => { await w.loadFile(path.join(fixturesPath, 'pages', 'form-with-data.html')) app.once('browser-window-created', async (event, newWin) => { const res = await newWin.webContents.executeJavaScript('document.body.innerText') expect(res).to.equal('body:greeting=hello') resolve() }) w.webContents.executeJavaScript(` const form = document.querySelector('form') form.action = '${serverUrl}'; form.target = '_blank'; form.submit(); `) }) }) }) ) }) describe('window.open', () => { for (const show of [true, false]) { it(`inherits parent visibility over parent {show=${show}} option`, (done) => { const w = new BrowserWindow({ show }) // toggle visibility if (show) { w.hide() } else { w.show() } w.webContents.once('new-window', (e, url, frameName, disposition, options) => { expect(options.show).to.equal(w.isVisible()) w.close() done() }) w.loadFile(path.join(fixturesPath, 'pages', 'window-open.html')) }) } it('disables node integration when it is disabled on the parent window for chrome devtools URLs', async () => { const w = new BrowserWindow({ show: false, webPreferences: { nodeIntegration: true } }) w.loadURL('about:blank') w.webContents.executeJavaScript(` b = window.open('devtools://devtools/bundled/inspector.html', '', 'nodeIntegration=no,show=no') `) const [, contents] = await emittedOnce(app, 'web-contents-created') const typeofProcessGlobal = await contents.executeJavaScript('typeof process') expect(typeofProcessGlobal).to.equal('undefined') }) it('disables JavaScript when it is disabled on the parent window', async () => { const w = new BrowserWindow({ show: false, webPreferences: { nodeIntegration: true } }) w.webContents.loadURL('about:blank') const windowUrl = require('url').format({ pathname: `${fixturesPath}/pages/window-no-javascript.html`, protocol: 'file', slashes: true }) w.webContents.executeJavaScript(` b = window.open(${JSON.stringify(windowUrl)}, '', 'javascript=no,show=no') `) const [, contents] = await emittedOnce(app, 'web-contents-created') await emittedOnce(contents, 'did-finish-load') // Click link on page contents.sendInputEvent({ type: 'mouseDown', clickCount: 1, x: 1, y: 1 }) contents.sendInputEvent({ type: 'mouseUp', clickCount: 1, x: 1, y: 1 }) const [, window] = await emittedOnce(app, 'browser-window-created') const preferences = (window.webContents as any).getLastWebPreferences() expect(preferences.javascript).to.be.false() }) it('handles cycles when merging the parent options into the child options', (done) => { const foo = {} as any foo.bar = foo foo.baz = { hello: { world: true } } foo.baz2 = foo.baz const w = new BrowserWindow({ show: false, foo: foo } as any) w.loadFile(path.join(fixturesPath, 'pages', 'window-open.html')) w.webContents.once('new-window', (event, url, frameName, disposition, options) => { expect(options.show).to.be.false() expect((options as any).foo).to.deep.equal({ bar: undefined, baz: { hello: { world: true } }, baz2: { hello: { world: true } } }) done() }) }) it('defines a window.location getter', async () => { let targetURL: string if (process.platform === 'win32') { targetURL = `file:///${fixturesPath.replace(/\\/g, '/')}/pages/base-page.html` } else { targetURL = `file://${fixturesPath}/pages/base-page.html` } const w = new BrowserWindow({ show: false }) w.loadURL('about:blank') w.webContents.executeJavaScript(`b = window.open(${JSON.stringify(targetURL)})`) const [, window] = await emittedOnce(app, 'browser-window-created') await emittedOnce(window.webContents, 'did-finish-load') expect(await w.webContents.executeJavaScript(`b.location.href`)).to.equal(targetURL) }) it('defines a window.location setter', async () => { const w = new BrowserWindow({ show: false }) w.loadURL('about:blank') w.webContents.executeJavaScript(`b = window.open("about:blank")`) const [, { webContents }] = await emittedOnce(app, 'browser-window-created') await emittedOnce(webContents, 'did-finish-load') // When it loads, redirect w.webContents.executeJavaScript(`b.location = ${JSON.stringify(`file://${fixturesPath}/pages/base-page.html`)}`) await emittedOnce(webContents, 'did-finish-load') }) it('defines a window.location.href setter', async () => { const w = new BrowserWindow({ show: false }) w.loadURL('about:blank') w.webContents.executeJavaScript(`b = window.open("about:blank")`) const [, { webContents }] = await emittedOnce(app, 'browser-window-created') await emittedOnce(webContents, 'did-finish-load') // When it loads, redirect w.webContents.executeJavaScript(`b.location.href = ${JSON.stringify(`file://${fixturesPath}/pages/base-page.html`)}`) await emittedOnce(webContents, 'did-finish-load') }) it('open a blank page when no URL is specified', async () => { const w = new BrowserWindow({ show: false }) w.loadURL('about:blank') w.webContents.executeJavaScript(`b = window.open()`) const [, { webContents }] = await emittedOnce(app, 'browser-window-created') await emittedOnce(webContents, 'did-finish-load') expect(await w.webContents.executeJavaScript(`b.location.href`)).to.equal('about:blank') }) it('open a blank page when an empty URL is specified', async () => { const w = new BrowserWindow({ show: false }) w.loadURL('about:blank') w.webContents.executeJavaScript(`b = window.open('')`) const [, { webContents }] = await emittedOnce(app, 'browser-window-created') await emittedOnce(webContents, 'did-finish-load') expect(await w.webContents.executeJavaScript(`b.location.href`)).to.equal('about:blank') }) it('sets the window title to the specified frameName', async () => { const w = new BrowserWindow({ show: false }) w.loadURL('about:blank') w.webContents.executeJavaScript(`b = window.open('', 'hello')`) const [, window] = await emittedOnce(app, 'browser-window-created') expect(window.getTitle()).to.equal('hello') }) it('does not throw an exception when the frameName is a built-in object property', async () => { const w = new BrowserWindow({ show: false }) w.loadURL('about:blank') w.webContents.executeJavaScript(`b = window.open('', '__proto__')`) const [, window] = await emittedOnce(app, 'browser-window-created') expect(window.getTitle()).to.equal('__proto__') }) }) describe('window.opener', () => { it('is null for main window', async () => { const w = new BrowserWindow({ show: false, webPreferences: { nodeIntegration: true } }) w.loadFile(path.join(fixturesPath, 'pages', 'window-opener.html')) const [, channel, opener] = await emittedOnce(w.webContents, 'ipc-message') expect(channel).to.equal('opener') expect(opener).to.equal(null) }) }) describe('navigator.mediaDevices', () => { afterEach(closeAllWindows) afterEach(() => { session.defaultSession.setPermissionCheckHandler(null) }) it('can return labels of enumerated devices', async () => { const w = new BrowserWindow({ show: false }) w.loadFile(path.join(fixturesPath, 'pages', 'blank.html')) const labels = await w.webContents.executeJavaScript(`navigator.mediaDevices.enumerateDevices().then(ds => ds.map(d => d.label))`) expect(labels.some((l: any) => l)).to.be.true() }) it('does not return labels of enumerated devices when permission denied', async () => { session.defaultSession.setPermissionCheckHandler(() => false) const w = new BrowserWindow({ show: false }) w.loadFile(path.join(fixturesPath, 'pages', 'blank.html')) const labels = await w.webContents.executeJavaScript(`navigator.mediaDevices.enumerateDevices().then(ds => ds.map(d => d.label))`) expect(labels.some((l: any) => l)).to.be.false() }) it('can return new device id when cookie storage is cleared', async () => { const ses = session.fromPartition('persist:media-device-id') const w = new BrowserWindow({ show: false, webPreferences: { nodeIntegration: true, session: ses } }) w.loadFile(path.join(fixturesPath, 'pages', 'media-id-reset.html')) const [, firstDeviceIds] = await emittedOnce(ipcMain, 'deviceIds') await ses.clearStorageData({ storages: ['cookies'] }) w.webContents.reload() const [, secondDeviceIds] = await emittedOnce(ipcMain, 'deviceIds') expect(firstDeviceIds).to.not.deep.equal(secondDeviceIds) }) }) describe('window.opener access', () => { const scheme = 'app' const fileUrl = `file://${fixturesPath}/pages/window-opener-location.html` const httpUrl1 = `${scheme}://origin1` const httpUrl2 = `${scheme}://origin2` const fileBlank = `file://${fixturesPath}/pages/blank.html` const httpBlank = `${scheme}://origin1/blank` const table = [ { parent: fileBlank, child: httpUrl1, nodeIntegration: false, nativeWindowOpen: false, openerAccessible: false }, { parent: fileBlank, child: httpUrl1, nodeIntegration: false, nativeWindowOpen: true, openerAccessible: false }, { parent: fileBlank, child: httpUrl1, nodeIntegration: true, nativeWindowOpen: false, openerAccessible: true }, { parent: fileBlank, child: httpUrl1, nodeIntegration: true, nativeWindowOpen: true, openerAccessible: false }, { parent: httpBlank, child: fileUrl, nodeIntegration: false, nativeWindowOpen: false, openerAccessible: false }, // {parent: httpBlank, child: fileUrl, nodeIntegration: false, nativeWindowOpen: true, openerAccessible: false}, // can't window.open() { parent: httpBlank, child: fileUrl, nodeIntegration: true, nativeWindowOpen: false, openerAccessible: true }, // {parent: httpBlank, child: fileUrl, nodeIntegration: true, nativeWindowOpen: true, openerAccessible: false}, // can't window.open() // NB. this is different from Chrome's behavior, which isolates file: urls from each other { parent: fileBlank, child: fileUrl, nodeIntegration: false, nativeWindowOpen: false, openerAccessible: true }, { parent: fileBlank, child: fileUrl, nodeIntegration: false, nativeWindowOpen: true, openerAccessible: true }, { parent: fileBlank, child: fileUrl, nodeIntegration: true, nativeWindowOpen: false, openerAccessible: true }, { parent: fileBlank, child: fileUrl, nodeIntegration: true, nativeWindowOpen: true, openerAccessible: true }, { parent: httpBlank, child: httpUrl1, nodeIntegration: false, nativeWindowOpen: false, openerAccessible: true }, { parent: httpBlank, child: httpUrl1, nodeIntegration: false, nativeWindowOpen: true, openerAccessible: true }, { parent: httpBlank, child: httpUrl1, nodeIntegration: true, nativeWindowOpen: false, openerAccessible: true }, { parent: httpBlank, child: httpUrl1, nodeIntegration: true, nativeWindowOpen: true, openerAccessible: true }, { parent: httpBlank, child: httpUrl2, nodeIntegration: false, nativeWindowOpen: false, openerAccessible: false }, { parent: httpBlank, child: httpUrl2, nodeIntegration: false, nativeWindowOpen: true, openerAccessible: false }, { parent: httpBlank, child: httpUrl2, nodeIntegration: true, nativeWindowOpen: false, openerAccessible: true }, { parent: httpBlank, child: httpUrl2, nodeIntegration: true, nativeWindowOpen: true, openerAccessible: false } ] const s = (url: string) => url.startsWith('file') ? 'file://...' : url before(async () => { await promisify(protocol.registerFileProtocol)(scheme, (request, callback) => { if (request.url.includes('blank')) { callback(`${fixturesPath}/pages/blank.html`) } else { callback(`${fixturesPath}/pages/window-opener-location.html`) } }) }) after(async () => { await promisify(protocol.unregisterProtocol)(scheme) }) afterEach(closeAllWindows) describe('when opened from main window', () => { for (const { parent, child, nodeIntegration, nativeWindowOpen, openerAccessible } of table) { for (const sandboxPopup of [false, true]) { const description = `when parent=${s(parent)} opens child=${s(child)} with nodeIntegration=${nodeIntegration} nativeWindowOpen=${nativeWindowOpen} sandboxPopup=${sandboxPopup}, child should ${openerAccessible ? '' : 'not '}be able to access opener` it(description, async () => { const w = new BrowserWindow({ show: false, webPreferences: { nodeIntegration: true, nativeWindowOpen } }) w.webContents.once('new-window', (e, url, frameName, disposition, options) => { options!.webPreferences!.sandbox = sandboxPopup }) await w.loadURL(parent) const childOpenerLocation = await w.webContents.executeJavaScript(`new Promise(resolve => { window.addEventListener('message', function f(e) { resolve(e.data) }) window.open(${JSON.stringify(child)}, "", "show=no,nodeIntegration=${nodeIntegration ? 'yes' : 'no'}") })`) if (openerAccessible) { expect(childOpenerLocation).to.be.a('string') } else { expect(childOpenerLocation).to.be.null() } }) } } }) describe('when opened from ', () => { for (const { parent, child, nodeIntegration, nativeWindowOpen, openerAccessible } of table) { const description = `when parent=${s(parent)} opens child=${s(child)} with nodeIntegration=${nodeIntegration} nativeWindowOpen=${nativeWindowOpen}, child should ${openerAccessible ? '' : 'not '}be able to access opener` // WebView erroneously allows access to the parent window when nativeWindowOpen is false. const skip = !nativeWindowOpen && !openerAccessible ifit(!skip)(description, async () => { // This test involves three contexts: // 1. The root BrowserWindow in which the test is run, // 2. A belonging to the root window, // 3. A window opened by calling window.open() from within the . // We are testing whether context (3) can access context (2) under various conditions. // This is context (1), the base window for the test. const w = new BrowserWindow({ show: false, webPreferences: { nodeIntegration: true, webviewTag: true } }) await w.loadURL('about:blank') const parentCode = `new Promise((resolve) => { // This is context (3), a child window of the WebView. const child = window.open(${JSON.stringify(child)}, "", "show=no") window.addEventListener("message", e => { resolve(e.data) }) })` const childOpenerLocation = await w.webContents.executeJavaScript(`new Promise((resolve, reject) => { // This is context (2), a WebView which will call window.open() const webview = new WebView() webview.setAttribute('nodeintegration', '${nodeIntegration ? 'on' : 'off'}') webview.setAttribute('webpreferences', 'nativeWindowOpen=${nativeWindowOpen ? 'yes' : 'no'}') webview.setAttribute('allowpopups', 'on') webview.src = ${JSON.stringify(parent + '?p=' + encodeURIComponent(child))} webview.addEventListener('dom-ready', async () => { webview.executeJavaScript(${JSON.stringify(parentCode)}).then(resolve, reject) }) document.body.appendChild(webview) })`) if (openerAccessible) { expect(childOpenerLocation).to.be.a('string') } else { expect(childOpenerLocation).to.be.null() } }) } }) }) describe('storage', () => { describe('custom non standard schemes', () => { const protocolName = 'storage' let contents: WebContents before((done) => { protocol.registerFileProtocol(protocolName, (request, callback) => { const parsedUrl = url.parse(request.url) let filename switch (parsedUrl.pathname) { case '/localStorage' : filename = 'local_storage.html'; break case '/sessionStorage' : filename = 'session_storage.html'; break case '/WebSQL' : filename = 'web_sql.html'; break case '/indexedDB' : filename = 'indexed_db.html'; break case '/cookie' : filename = 'cookie.html'; break default : filename = '' } callback({ path: `${fixturesPath}/pages/storage/${filename}` }) }, (error) => done(error)) }) after((done) => { protocol.unregisterProtocol(protocolName, () => done()) }) beforeEach(() => { contents = (webContents as any).create({ nodeIntegration: true }) }) afterEach(() => { (contents as any).destroy() contents = null as any }) it('cannot access localStorage', (done) => { ipcMain.once('local-storage-response', (event, error) => { expect(error).to.equal(`Failed to read the 'localStorage' property from 'Window': Access is denied for this document.`) done() }) contents.loadURL(protocolName + '://host/localStorage') }) it('cannot access sessionStorage', (done) => { ipcMain.once('session-storage-response', (event, error) => { expect(error).to.equal(`Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document.`) done() }) contents.loadURL(`${protocolName}://host/sessionStorage`) }) it('cannot access WebSQL database', (done) => { ipcMain.once('web-sql-response', (event, error) => { expect(error).to.equal(`Failed to execute 'openDatabase' on 'Window': Access to the WebDatabase API is denied in this context.`) done() }) contents.loadURL(`${protocolName}://host/WebSQL`) }) it('cannot access indexedDB', (done) => { ipcMain.once('indexed-db-response', (event, error) => { expect(error).to.equal(`Failed to execute 'open' on 'IDBFactory': access to the Indexed Database API is denied in this context.`) done() }) contents.loadURL(`${protocolName}://host/indexedDB`) }) it('cannot access cookie', (done) => { ipcMain.once('cookie-response', (event, error) => { expect(error).to.equal(`Failed to set the 'cookie' property on 'Document': Access is denied for this document.`) done() }) contents.loadURL(`${protocolName}://host/cookie`) }) }) describe('can be accessed', () => { let server: http.Server let serverUrl: string let serverCrossSiteUrl: string before((done) => { server = http.createServer((req, res) => { const respond = () => { if (req.url === '/redirect-cross-site') { res.setHeader('Location', `${serverCrossSiteUrl}/redirected`) res.statusCode = 302 res.end() } else if (req.url === '/redirected') { res.end('') } else { res.end() } } setTimeout(respond, 0) }) server.listen(0, '127.0.0.1', () => { serverUrl = `http://127.0.0.1:${(server.address() as AddressInfo).port}` serverCrossSiteUrl = `http://localhost:${(server.address() as AddressInfo).port}` done() }) }) after(() => { server.close() server = null as any }) afterEach(closeAllWindows) const testLocalStorageAfterXSiteRedirect = (testTitle: string, extraPreferences = {}) => { it(testTitle, (done) => { const w = new BrowserWindow({ show: false, ...extraPreferences }) let redirected = false w.webContents.on('crashed', () => { expect.fail('renderer crashed / was killed') }) w.webContents.on('did-redirect-navigation', (event, url) => { expect(url).to.equal(`${serverCrossSiteUrl}/redirected`) redirected = true }) w.webContents.on('did-finish-load', () => { expect(redirected).to.be.true('didnt redirect') done() }) w.loadURL(`${serverUrl}/redirect-cross-site`) }) } testLocalStorageAfterXSiteRedirect('after a cross-site redirect') testLocalStorageAfterXSiteRedirect('after a cross-site redirect in sandbox mode', { sandbox: true }) }) }) ifdescribe(features.isPDFViewerEnabled())('PDF Viewer', () => { const pdfSource = url.format({ pathname: path.join(fixturesPath, 'assets', 'cat.pdf').replace(/\\/g, '/'), protocol: 'file', slashes: true }) const pdfSourceWithParams = url.format({ pathname: path.join(fixturesPath, 'assets', 'cat.pdf').replace(/\\/g, '/'), query: { a: 1, b: 2 }, protocol: 'file', slashes: true }) const createBrowserWindow = ({ plugins, preload }: { plugins: boolean, preload: string }) => { return new BrowserWindow({ show: false, webPreferences: { preload: path.join(fixturesPath, 'module', preload), plugins: plugins } }) } const testPDFIsLoadedInSubFrame = (page: string, preloadFile: string, done: Function) => { const pagePath = url.format({ pathname: path.join(fixturesPath, 'pages', page).replace(/\\/g, '/'), protocol: 'file', slashes: true }) const w = createBrowserWindow({ plugins: true, preload: preloadFile }) ipcMain.once('pdf-loaded', (event, state) => { expect(state).to.equal('success') done() }) w.webContents.on('page-title-updated', () => { const parsedURL = url.parse(w.webContents.getURL(), true) expect(parsedURL.protocol).to.equal('chrome:') expect(parsedURL.hostname).to.equal('pdf-viewer') expect(parsedURL.query.src).to.equal(pagePath) expect(w.webContents.getTitle()).to.equal('cat.pdf') }) w.loadFile(path.join(fixturesPath, 'pages', page)) } it('opens when loading a pdf resource as top level navigation', (done) => { const w = createBrowserWindow({ plugins: true, preload: 'preload-pdf-loaded.js' }) ipcMain.once('pdf-loaded', (event, state) => { expect(state).to.equal('success') done() }) w.webContents.on('page-title-updated', () => { const parsedURL = url.parse(w.webContents.getURL(), true) expect(parsedURL.protocol).to.equal('chrome:') expect(parsedURL.hostname).to.equal('pdf-viewer') expect(parsedURL.query.src).to.equal(pdfSource) expect(w.webContents.getTitle()).to.equal('cat.pdf') }) w.webContents.loadURL(pdfSource) }) it('opens a pdf link given params, the query string should be escaped', (done) => { const w = createBrowserWindow({ plugins: true, preload: 'preload-pdf-loaded.js' }) ipcMain.once('pdf-loaded', (event, state) => { expect(state).to.equal('success') done() }) w.webContents.on('page-title-updated', () => { const parsedURL = url.parse(w.webContents.getURL(), true) expect(parsedURL.protocol).to.equal('chrome:') expect(parsedURL.hostname).to.equal('pdf-viewer') expect(parsedURL.query.src).to.equal(pdfSourceWithParams) expect(parsedURL.query.b).to.be.undefined() expect(parsedURL.search!.endsWith('%3Fa%3D1%26b%3D2')).to.be.true() expect(w.webContents.getTitle()).to.equal('cat.pdf') }) w.webContents.loadURL(pdfSourceWithParams) }) it('should download a pdf when plugins are disabled', async () => { const w = createBrowserWindow({ plugins: false, preload: 'preload-pdf-loaded.js' }) w.webContents.loadURL(pdfSource) const [state, filename, mimeType] = await new Promise(resolve => { session.defaultSession.once('will-download', (event, item) => { item.setSavePath(path.join(fixturesPath, 'mock.pdf')) item.on('done', (e, state) => { resolve([state, item.getFilename(), item.getMimeType()]) }) }) }) expect(state).to.equal('completed') expect(filename).to.equal('cat.pdf') expect(mimeType).to.equal('application/pdf') fs.unlinkSync(path.join(fixturesPath, 'mock.pdf')) }) it('should not open when pdf is requested as sub resource', async () => { const w = new BrowserWindow({ show: false }) w.loadURL('about:blank') const [status, title] = await w.webContents.executeJavaScript(`fetch(${JSON.stringify(pdfSource)}).then(res => [res.status, document.title])`) expect(status).to.equal(200) expect(title).to.not.equal('cat.pdf') }) it('opens when loading a pdf resource in a iframe', (done) => { testPDFIsLoadedInSubFrame('pdf-in-iframe.html', 'preload-pdf-loaded-in-subframe.js', done) }) it('opens when loading a pdf resource in a nested iframe', (done) => { testPDFIsLoadedInSubFrame('pdf-in-nested-iframe.html', 'preload-pdf-loaded-in-nested-subframe.js', done) }) }) describe('window.history', () => { describe('window.history.pushState', () => { it('should push state after calling history.pushState() from the same url', (done) => { const w = new BrowserWindow({ show: false }) w.webContents.once('did-finish-load', async () => { // History should have current page by now. expect((w.webContents as any).length()).to.equal(1) w.webContents.executeJavaScript('window.history.pushState({}, "")').then(() => { // Initial page + pushed state expect((w.webContents as any).length()).to.equal(2) done() }) }) w.loadURL('about:blank') }) }) }) }) describe('font fallback', () => { async function getRenderedFonts (html: string) { const w = new BrowserWindow({ show: false }) try { await w.loadURL(`data:text/html,${html}`) w.webContents.debugger.attach() const sendCommand = (method: string, commandParams?: any) => w.webContents.debugger.sendCommand(method, commandParams) const { nodeId } = (await sendCommand('DOM.getDocument')).root.children[0] await sendCommand('CSS.enable') const { fonts } = await sendCommand('CSS.getPlatformFontsForNode', { nodeId }) return fonts } finally { w.close() } } it('should use Helvetica for sans-serif on Mac, and Arial on Windows and Linux', async () => { const html = `test` const fonts = await getRenderedFonts(html) expect(fonts).to.be.an('array') expect(fonts).to.have.length(1) if (process.platform === 'win32') { expect(fonts[0].familyName).to.equal('Arial') } else if (process.platform === 'darwin') { expect(fonts[0].familyName).to.equal('Helvetica') } else if (process.platform === 'linux') { expect(fonts[0].familyName).to.equal('DejaVu Sans') } // I think this depends on the distro? We don't specify a default. }) ifit(process.platform !== 'linux')('should fall back to Japanese font for sans-serif Japanese script', async function () { const html = ` test 智史 ` const fonts = await getRenderedFonts(html) expect(fonts).to.be.an('array') expect(fonts).to.have.length(1) if (process.platform === 'win32') { expect(fonts[0].familyName).to.be.oneOf(['Meiryo', 'Yu Gothic']) } else if (process.platform === 'darwin') { expect(fonts[0].familyName).to.equal('Hiragino Kaku Gothic ProN') } }) }) describe('iframe using HTML fullscreen API while window is OS-fullscreened', () => { const fullscreenChildHtml = promisify(fs.readFile)( path.join(fixturesPath, 'pages', 'fullscreen-oopif.html') ) let w: BrowserWindow, server: http.Server before(() => { server = http.createServer(async (_req, res) => { res.writeHead(200, { 'Content-Type': 'text/html' }) res.write(await fullscreenChildHtml) res.end() }) server.listen(8989, '127.0.0.1') }) beforeEach(() => { w = new BrowserWindow({ show: true, fullscreen: true, webPreferences: { nodeIntegration: true, nodeIntegrationInSubFrames: true } }) }) afterEach(async () => { await closeAllWindows() ;(w as any) = null server.close() }) it('can fullscreen from out-of-process iframes (OOPIFs)', done => { ipcMain.once('fullscreenChange', async () => { const fullscreenWidth = await w.webContents.executeJavaScript( "document.querySelector('iframe').offsetWidth" ) expect(fullscreenWidth > 0).to.be.true() await w.webContents.executeJavaScript( "document.querySelector('iframe').contentWindow.postMessage('exitFullscreen', '*')" ) await new Promise(resolve => setTimeout(resolve, 500)) const width = await w.webContents.executeJavaScript( "document.querySelector('iframe').offsetWidth" ) expect(width).to.equal(0) done() }) const html = '' w.loadURL(`data:text/html,${html}`) }) it('can fullscreen from in-process iframes', done => { ipcMain.once('fullscreenChange', async () => { const fullscreenWidth = await w.webContents.executeJavaScript( "document.querySelector('iframe').offsetWidth" ) expect(fullscreenWidth > 0).to.true() await w.webContents.executeJavaScript('document.exitFullscreen()') const width = await w.webContents.executeJavaScript( "document.querySelector('iframe').offsetWidth" ) expect(width).to.equal(0) done() }) w.loadFile(path.join(fixturesPath, 'pages', 'fullscreen-ipif.html')) }) })