electron/lib/renderer/content-scripts-injector.ts
Samuel Maddock 42b7b25ac3 feat: support chrome extensions in sandboxed renderer (#16218)
* Add content script injector to sandboxed renderer

* Fix 'getRenderProcessPreferences' binding to the wrong object

* Pass getRenderProcessPreferences to content-scripts-injector

* Emit document-start and document-end  events in sandboxed renderer

* Use GetContext from RendererClientBase

* Prevent script context crash caused by lazily initialization

* Remove frame filtering logic for onExit callback

Since we're keeping track of which frames we've injected the bundle into, this logic is redundant.

* Add initial content script tests

* Add contextIsolation variants to content script tests

* Add set include

* Fix already loaded extension error

* Add tests for content scripts 'run_at' options

* Catch script injection eval error when CSP forbids it

This can occur in a rendered sandbox when a CSP is enabled. We'll need to switch to using isolated worlds to fix this.

* Fix content script tests not properly cleaning up extensions

* Fix lint and type errors
2019-03-07 16:00:28 -08:00

122 lines
4 KiB
TypeScript

import { ipcRendererInternal } from '@electron/internal/renderer/ipc-renderer-internal'
import { runInThisContext } from 'vm'
// Check whether pattern matches.
// https://developer.chrome.com/extensions/match_patterns
const matchesPattern = function (pattern: string) {
if (pattern === '<all_urls>') return true
const regexp = new RegExp(`^${pattern.replace(/\*/g, '.*')}$`)
const url = `${location.protocol}//${location.host}${location.pathname}`
return url.match(regexp)
}
// Run the code with chrome API integrated.
const runContentScript = function (this: any, extensionId: string, url: string, code: string) {
const context: { chrome?: any } = {}
require('@electron/internal/renderer/chrome-api').injectTo(extensionId, false, context)
const wrapper = `((chrome) => {\n ${code}\n })`
try {
const compiledWrapper = runInThisContext(wrapper, {
filename: url,
lineOffset: 1,
displayErrors: true
})
return compiledWrapper.call(this, context.chrome)
} catch (error) {
// TODO(samuelmaddock): Run scripts in isolated world, see chromium script_injection.cc
console.error(`Error running content script JavaScript for '${extensionId}'`)
console.error(error)
}
}
const runAllContentScript = function (scripts: Array<Electron.InjectionBase>, extensionId: string) {
for (const { url, code } of scripts) {
runContentScript.call(window, extensionId, url, code)
}
}
const runStylesheet = function (this: any, url: string, code: string) {
const wrapper = `((code) => {
function init() {
const styleElement = document.createElement('style');
styleElement.textContent = code;
document.head.append(styleElement);
}
document.addEventListener('DOMContentLoaded', init);
})`
try {
const compiledWrapper = runInThisContext(wrapper, {
filename: url,
lineOffset: 1,
displayErrors: true
})
return compiledWrapper.call(this, code)
} catch (error) {
// TODO(samuelmaddock): Insert stylesheet directly into document, see chromium script_injection.cc
console.error(`Error inserting content script stylesheet ${url}`)
console.error(error)
}
}
const runAllStylesheet = function (css: Array<Electron.InjectionBase>) {
for (const { url, code } of css) {
runStylesheet.call(window, url, code)
}
}
// Run injected scripts.
// https://developer.chrome.com/extensions/content_scripts
const injectContentScript = function (extensionId: string, script: Electron.ContentScript) {
if (!script.matches.some(matchesPattern)) return
if (script.js) {
const fire = runAllContentScript.bind(window, script.js, extensionId)
if (script.runAt === 'document_start') {
process.once('document-start', fire)
} else if (script.runAt === 'document_end') {
process.once('document-end', fire)
} else {
document.addEventListener('DOMContentLoaded', fire)
}
}
if (script.css) {
const fire = runAllStylesheet.bind(window, script.css)
if (script.runAt === 'document_start') {
process.once('document-start', fire)
} else if (script.runAt === 'document_end') {
process.once('document-end', fire)
} else {
document.addEventListener('DOMContentLoaded', fire)
}
}
}
// Handle the request of chrome.tabs.executeJavaScript.
ipcRendererInternal.on('CHROME_TABS_EXECUTESCRIPT', function (
event: Electron.Event,
senderWebContentsId: number,
requestId: number,
extensionId: string,
url: string,
code: string
) {
const result = runContentScript.call(window, extensionId, url, code)
ipcRendererInternal.sendToAll(senderWebContentsId, `CHROME_TABS_EXECUTESCRIPT_RESULT_${requestId}`, result)
})
module.exports = (getRenderProcessPreferences: typeof process.getRenderProcessPreferences) => {
// Read the renderer process preferences.
const preferences = getRenderProcessPreferences()
if (preferences) {
for (const pref of preferences) {
if (pref.contentScripts) {
for (const script of pref.contentScripts) {
injectContentScript(pref.extensionId, script)
}
}
}
}
}