342 lines
12 KiB
JavaScript
342 lines
12 KiB
JavaScript
'use strict'
|
|
|
|
const {BrowserWindow, ipcMain, webContents} = require('electron')
|
|
const {isSameOrigin} = process.atomBinding('v8_util')
|
|
const parseFeaturesString = require('../common/parse-features-string')
|
|
|
|
const hasProp = {}.hasOwnProperty
|
|
const frameToGuest = new Map()
|
|
|
|
// Copy attribute of |parent| to |child| if it is not defined in |child|.
|
|
const mergeOptions = function (child, parent, visited) {
|
|
// Check for circular reference.
|
|
if (visited == null) visited = new Set()
|
|
if (visited.has(parent)) return
|
|
|
|
visited.add(parent)
|
|
for (const key in parent) {
|
|
if (!hasProp.call(parent, key)) continue
|
|
if (key in child) continue
|
|
|
|
const value = parent[key]
|
|
if (typeof value === 'object') {
|
|
child[key] = mergeOptions({}, value, visited)
|
|
} else {
|
|
child[key] = value
|
|
}
|
|
}
|
|
visited.delete(parent)
|
|
|
|
return child
|
|
}
|
|
|
|
// Merge |options| with the |embedder|'s window's options.
|
|
const mergeBrowserWindowOptions = function (embedder, options) {
|
|
if (options.webPreferences == null) {
|
|
options.webPreferences = {}
|
|
}
|
|
if (embedder.browserWindowOptions != null) {
|
|
// Inherit the original options if it is a BrowserWindow.
|
|
mergeOptions(options, embedder.browserWindowOptions)
|
|
} else {
|
|
// Or only inherit web-preferences if it is a webview.
|
|
mergeOptions(options.webPreferences, embedder.getWebPreferences())
|
|
}
|
|
|
|
// Disable node integration on child window if disabled on parent window
|
|
if (embedder.getWebPreferences().nodeIntegration === false) {
|
|
options.webPreferences.nodeIntegration = false
|
|
}
|
|
|
|
// Enable context isolation on child window if enabled on parent window
|
|
if (embedder.getWebPreferences().contextIsolation === true) {
|
|
options.webPreferences.contextIsolation = true
|
|
}
|
|
|
|
// Disable JavaScript on child window if disabled on parent window
|
|
if (embedder.getWebPreferences().javascript === false) {
|
|
options.webPreferences.javascript = false
|
|
}
|
|
|
|
// Sets correct openerId here to give correct options to 'new-window' event handler
|
|
options.webPreferences.openerId = embedder.id
|
|
|
|
return options
|
|
}
|
|
|
|
// Setup a new guest with |embedder|
|
|
const setupGuest = function (embedder, frameName, guest, options) {
|
|
// When |embedder| is destroyed we should also destroy attached guest, and if
|
|
// guest is closed by user then we should prevent |embedder| from double
|
|
// closing guest.
|
|
const guestId = guest.webContents.id
|
|
const closedByEmbedder = function () {
|
|
guest.removeListener('closed', closedByUser)
|
|
guest.destroy()
|
|
}
|
|
const closedByUser = function () {
|
|
embedder.send('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_CLOSED_' + guestId)
|
|
embedder.removeListener('render-view-deleted', closedByEmbedder)
|
|
}
|
|
if (!options.webPreferences.sandbox) {
|
|
// These events should only be handled when the guest window is opened by a
|
|
// non-sandboxed renderer for two reasons:
|
|
//
|
|
// - `render-view-deleted` is emitted when the popup is closed by the user,
|
|
// and that will eventually result in NativeWindow::NotifyWindowClosed
|
|
// using a dangling pointer since `destroy()` would have been called by
|
|
// `closeByEmbedded`
|
|
// - No need to emit `ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_CLOSED_` since
|
|
// there's no renderer code listening to it.,
|
|
embedder.once('render-view-deleted', closedByEmbedder)
|
|
guest.once('closed', closedByUser)
|
|
}
|
|
if (frameName) {
|
|
frameToGuest.set(frameName, guest)
|
|
guest.frameName = frameName
|
|
guest.once('closed', function () {
|
|
frameToGuest.delete(frameName)
|
|
})
|
|
}
|
|
return guestId
|
|
}
|
|
|
|
// Create a new guest created by |embedder| with |options|.
|
|
const createGuest = function (embedder, url, frameName, options, postData) {
|
|
let guest = frameToGuest.get(frameName)
|
|
if (frameName && (guest != null)) {
|
|
guest.loadURL(url)
|
|
return guest.webContents.id
|
|
}
|
|
|
|
// Remember the embedder window's id.
|
|
if (options.webPreferences == null) {
|
|
options.webPreferences = {}
|
|
}
|
|
|
|
guest = new BrowserWindow(options)
|
|
if (!options.webContents || url !== 'about:blank') {
|
|
// We should not call `loadURL` if the window was constructed from an
|
|
// existing webContents(window.open in a sandboxed renderer) and if the url
|
|
// is not 'about:blank'.
|
|
//
|
|
// Navigating to the url when creating the window from an existing
|
|
// webContents would not be necessary(it will navigate there anyway), but
|
|
// apparently there's a bug that allows the child window to be scripted by
|
|
// the opener, even when the child window is from another origin.
|
|
//
|
|
// That's why the second condition(url !== "about:blank") is required: to
|
|
// force `OverrideSiteInstanceForNavigation` to be called and consequently
|
|
// spawn a new renderer if the new window is targeting a different origin.
|
|
//
|
|
// If the URL is "about:blank", then it is very likely that the opener just
|
|
// wants to synchronously script the popup, for example:
|
|
//
|
|
// let popup = window.open()
|
|
// popup.document.body.write('<h1>hello</h1>')
|
|
//
|
|
// The above code would not work if a navigation to "about:blank" is done
|
|
// here, since the window would be cleared of all changes in the next tick.
|
|
const loadOptions = {}
|
|
if (postData != null) {
|
|
loadOptions.postData = postData
|
|
loadOptions.extraHeaders = 'content-type: application/x-www-form-urlencoded'
|
|
if (postData.length > 0) {
|
|
const postDataFront = postData[0].bytes.toString()
|
|
const boundary = /^--.*[^-\r\n]/.exec(postDataFront)
|
|
if (boundary != null) {
|
|
loadOptions.extraHeaders = `content-type: multipart/form-data; boundary=${boundary[0].substr(2)}`
|
|
}
|
|
}
|
|
}
|
|
guest.loadURL(url, loadOptions)
|
|
}
|
|
|
|
return setupGuest(embedder, frameName, guest, options)
|
|
}
|
|
|
|
const getGuestWindow = function (guestContents) {
|
|
let guestWindow = BrowserWindow.fromWebContents(guestContents)
|
|
if (guestWindow == null) {
|
|
const hostContents = guestContents.hostWebContents
|
|
if (hostContents != null) {
|
|
guestWindow = BrowserWindow.fromWebContents(hostContents)
|
|
}
|
|
}
|
|
return guestWindow
|
|
}
|
|
|
|
// Checks whether |sender| can access the |target|:
|
|
// 1. Check whether |sender| is the parent of |target|.
|
|
// 2. Check whether |sender| has node integration, if so it is allowed to
|
|
// do anything it wants.
|
|
// 3. Check whether the origins match.
|
|
//
|
|
// However it allows a child window without node integration but with same
|
|
// origin to do anything it wants, when its opener window has node integration.
|
|
// The W3C does not have anything on this, but from my understanding of the
|
|
// security model of |window.opener|, this should be fine.
|
|
const canAccessWindow = function (sender, target) {
|
|
return (target.getWebPreferences().openerId === sender.id) ||
|
|
(sender.getWebPreferences().nodeIntegration === true) ||
|
|
isSameOrigin(sender.getURL(), target.getURL())
|
|
}
|
|
|
|
// Routed window.open messages with raw options
|
|
ipcMain.on('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_OPEN', (event, url, frameName, features) => {
|
|
if (url == null || url === '') url = 'about:blank'
|
|
if (frameName == null) frameName = ''
|
|
if (features == null) features = ''
|
|
|
|
const options = {}
|
|
|
|
const ints = ['x', 'y', 'width', 'height', 'minWidth', 'maxWidth', 'minHeight', 'maxHeight', 'zoomFactor']
|
|
const webPreferences = ['zoomFactor', 'nodeIntegration', 'preload', 'javascript', 'contextIsolation']
|
|
const disposition = 'new-window'
|
|
|
|
// Used to store additional features
|
|
const additionalFeatures = []
|
|
|
|
// Parse the features
|
|
parseFeaturesString(features, function (key, value) {
|
|
if (value === undefined) {
|
|
additionalFeatures.push(key)
|
|
} else {
|
|
// Don't allow webPreferences to be set since it must be an object
|
|
// that cannot be directly overridden
|
|
if (key === 'webPreferences') return
|
|
|
|
if (webPreferences.includes(key)) {
|
|
if (options.webPreferences == null) {
|
|
options.webPreferences = {}
|
|
}
|
|
options.webPreferences[key] = value
|
|
} else {
|
|
options[key] = value
|
|
}
|
|
}
|
|
})
|
|
if (options.left) {
|
|
if (options.x == null) {
|
|
options.x = options.left
|
|
}
|
|
}
|
|
if (options.top) {
|
|
if (options.y == null) {
|
|
options.y = options.top
|
|
}
|
|
}
|
|
if (options.title == null) {
|
|
options.title = frameName
|
|
}
|
|
if (options.width == null) {
|
|
options.width = 800
|
|
}
|
|
if (options.height == null) {
|
|
options.height = 600
|
|
}
|
|
|
|
for (const name of ints) {
|
|
if (options[name] != null) {
|
|
options[name] = parseInt(options[name], 10)
|
|
}
|
|
}
|
|
|
|
ipcMain.emit('ELECTRON_GUEST_WINDOW_MANAGER_INTERNAL_WINDOW_OPEN', event,
|
|
url, frameName, disposition, options, additionalFeatures)
|
|
})
|
|
|
|
// Routed window.open messages with fully parsed options
|
|
ipcMain.on('ELECTRON_GUEST_WINDOW_MANAGER_INTERNAL_WINDOW_OPEN', function (event, url, frameName,
|
|
disposition, options,
|
|
additionalFeatures, postData) {
|
|
options = mergeBrowserWindowOptions(event.sender, options)
|
|
event.sender.emit('new-window', event, url, frameName, disposition, options, additionalFeatures)
|
|
const newGuest = event.newGuest
|
|
if ((event.sender.isGuest() && !event.sender.allowPopups) || event.defaultPrevented) {
|
|
if (newGuest !== undefined && newGuest !== null) {
|
|
event.returnValue = setupGuest(event.sender, frameName, newGuest, options)
|
|
} else {
|
|
event.returnValue = null
|
|
}
|
|
} else {
|
|
event.returnValue = createGuest(event.sender, url, frameName, options, postData)
|
|
}
|
|
})
|
|
|
|
ipcMain.on('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_CLOSE', function (event, guestId) {
|
|
const guestContents = webContents.fromId(guestId)
|
|
if (guestContents == null) return
|
|
|
|
if (!canAccessWindow(event.sender, guestContents)) {
|
|
console.error(`Blocked ${event.sender.getURL()} from closing its opener.`)
|
|
return
|
|
}
|
|
|
|
const guestWindow = getGuestWindow(guestContents)
|
|
if (guestWindow != null) guestWindow.destroy()
|
|
})
|
|
|
|
ipcMain.on('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_METHOD', function (event, guestId, method, ...args) {
|
|
const guestContents = webContents.fromId(guestId)
|
|
if (guestContents == null) {
|
|
event.returnValue = null
|
|
return
|
|
}
|
|
|
|
if (!canAccessWindow(event.sender, guestContents)) {
|
|
console.error(`Blocked ${event.sender.getURL()} from calling ${method} on its opener.`)
|
|
event.returnValue = null
|
|
return
|
|
}
|
|
|
|
const guestWindow = getGuestWindow(guestContents)
|
|
if (guestWindow != null) {
|
|
event.returnValue = guestWindow[method](...args)
|
|
} else {
|
|
event.returnValue = null
|
|
}
|
|
})
|
|
|
|
ipcMain.on('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_POSTMESSAGE', function (event, guestId, message, targetOrigin, sourceOrigin) {
|
|
if (targetOrigin == null) {
|
|
targetOrigin = '*'
|
|
}
|
|
|
|
const guestContents = webContents.fromId(guestId)
|
|
if (guestContents == null) return
|
|
|
|
// The W3C does not seem to have word on how postMessage should work when the
|
|
// origins do not match, so we do not do |canAccessWindow| check here since
|
|
// postMessage across origins is useful and not harmful.
|
|
if (guestContents.getURL().indexOf(targetOrigin) === 0 || targetOrigin === '*') {
|
|
const sourceId = event.sender.id
|
|
guestContents.send('ELECTRON_GUEST_WINDOW_POSTMESSAGE', sourceId, message, sourceOrigin)
|
|
}
|
|
})
|
|
|
|
ipcMain.on('ELECTRON_GUEST_WINDOW_MANAGER_WEB_CONTENTS_METHOD', function (event, guestId, method, ...args) {
|
|
const guestContents = webContents.fromId(guestId)
|
|
if (guestContents == null) return
|
|
|
|
if (canAccessWindow(event.sender, guestContents)) {
|
|
guestContents[method](...args)
|
|
} else {
|
|
console.error(`Blocked ${event.sender.getURL()} from calling ${method} on its opener.`)
|
|
}
|
|
})
|
|
|
|
ipcMain.on('ELECTRON_GUEST_WINDOW_MANAGER_WEB_CONTENTS_METHOD_SYNC', function (event, guestId, method, ...args) {
|
|
const guestContents = webContents.fromId(guestId)
|
|
if (guestContents == null) {
|
|
event.returnValue = null
|
|
return
|
|
}
|
|
|
|
if (canAccessWindow(event.sender, guestContents)) {
|
|
event.returnValue = guestContents[method](...args)
|
|
} else {
|
|
console.error(`Blocked ${event.sender.getURL()} from calling ${method} on its opener.`)
|
|
event.returnValue = null
|
|
}
|
|
})
|