From 46196ed97e0620f5ce23a6f0284e2f3c577df7cf Mon Sep 17 00:00:00 2001
From: Milan Burda <milan.burda@gmail.com>
Date: Sun, 3 Oct 2021 02:56:50 +0200
Subject: [PATCH] fix: sanitize params for 'context-menu' event sent over IPC
 for webview

---
 lib/browser/guest-view-manager.ts | 23 ++++++-----------------
 lib/common/web-view-events.ts     | 17 +++++++++++++++--
 2 files changed, 21 insertions(+), 19 deletions(-)

diff --git a/lib/browser/guest-view-manager.ts b/lib/browser/guest-view-manager.ts
index 59e9c9f87a058..6912adda61748 100644
--- a/lib/browser/guest-view-manager.ts
+++ b/lib/browser/guest-view-manager.ts
@@ -21,13 +21,6 @@ const supportedWebViewEvents = Object.keys(webViewEvents);
 const guestInstances = new Map<number, GuestInstance>();
 const embedderElementsMap = new Map<string, number>();
 
-function sanitizeOptionsForGuest (options: Record<string, any>) {
-  const ret = { ...options };
-  // WebContents values can't be sent over IPC.
-  delete ret.webContents;
-  return ret;
-}
-
 function makeWebPreferences (embedder: Electron.WebContents, params: Record<string, any>) {
   // parse the 'webpreferences' attribute string, if set
   // this uses the same parsing rules as window.open uses for its features
@@ -138,7 +131,12 @@ const createGuest = function (embedder: Electron.WebContents, embedderFrameId: n
   const makeProps = (eventKey: string, args: any[]) => {
     const props: Record<string, any> = {};
     webViewEvents[eventKey].forEach((prop, index) => {
-      props[prop] = args[index];
+      if (Array.isArray(prop)) {
+        const [name, sanitizer] = prop;
+        props[name] = sanitizer(args[index]);
+      } else {
+        props[prop as string] = args[index];
+      }
     });
     return props;
   };
@@ -150,15 +148,6 @@ const createGuest = function (embedder: Electron.WebContents, embedderFrameId: n
     });
   }
 
-  guest.on('new-window', function (event, url, frameName, disposition, options) {
-    sendToEmbedder(IPC_MESSAGES.GUEST_VIEW_INTERNAL_DISPATCH_EVENT, 'new-window', {
-      url,
-      frameName,
-      disposition,
-      options: sanitizeOptionsForGuest(options)
-    });
-  });
-
   // Dispatch guest's IPC messages to embedder.
   guest.on('ipc-message-host' as any, function (event: Electron.IpcMainEvent, channel: string, args: any[]) {
     sendToEmbedder(IPC_MESSAGES.GUEST_VIEW_INTERNAL_DISPATCH_EVENT, 'ipc-message', {
diff --git a/lib/common/web-view-events.ts b/lib/common/web-view-events.ts
index d571ecedde534..ffe97d4ebdb7c 100644
--- a/lib/common/web-view-events.ts
+++ b/lib/common/web-view-events.ts
@@ -1,4 +1,16 @@
-export const webViewEvents: Record<string, readonly string[]> = {
+type Sanitizer = (obj: Record<string, any>) => Record<string, any>;
+
+function makeSanitizer (names: string[]): Sanitizer {
+  return (obj: Record<string, any>) => {
+    const ret = { ...obj };
+    for (const name of names) {
+      delete ret[name];
+    }
+    return ret;
+  };
+}
+
+export const webViewEvents: Record<string, readonly (string | readonly [string, Sanitizer])[]> = {
   'load-commit': ['url', 'isMainFrame'],
   'did-attach': [],
   'did-finish-load': [],
@@ -8,7 +20,8 @@ export const webViewEvents: Record<string, readonly string[]> = {
   'did-stop-loading': [],
   'dom-ready': [],
   'console-message': ['level', 'message', 'line', 'sourceId'],
-  'context-menu': ['params'],
+  'context-menu': [['params', makeSanitizer(['frame'])]],
+  'new-window': ['url', 'frameName', 'disposition', ['options', makeSanitizer(['webContents'])]],
   'devtools-opened': [],
   'devtools-closed': [],
   'devtools-focused': [],