Merge branch '21-x-y' into trop/21-x-y-bp-feat-allow-custom-v8-snapsh…

…ots-to-be-used-in-the-main-process-and-the-default-snapshot-in-the-renderer-process-1663273306165

.nvmrc

@@ -1 +1 @@
-14
+16

ELECTRON_VERSION

@@ -1 +1 @@
-21.0.0-beta.5
+21.0.0-beta.7

docs/api/web-frame-main.md

@@ -169,6 +169,16 @@ convenient when `nodeIntegrationInSubFrames` is not enabled.
 
 A `string` representing the current URL of the frame.
 
+#### `frame.origin` _Readonly_
+
+A `string` representing the current origin of the frame, serialized according
+to [RFC 6454](https://www.rfc-editor.org/rfc/rfc6454). This may be different
+from the URL. For instance, if the frame is a child window opened to
+`about:blank`, then `frame.origin` will return the parent frame's origin, while
+`frame.url` will return the empty string. Pages without a scheme/host/port
+triple origin will have the serialized origin of `"null"` (that is, the string
+containing the letters n, u, l, l).
+
 #### `frame.top` _Readonly_
 
 A `WebFrameMain | null` representing top frame in the frame hierarchy to which `frame`

docs/tutorial/security.md

@@ -256,7 +256,7 @@ the sandbox in all renderers. Loading, reading or processing any untrusted
 content in an unsandboxed process, including the main process, is not advised.
 
 :::info
-For more information on what `contextIsolation` is and how to enable it please
+For more information on what Process Sandboxing is and how to enable it please
 see our dedicated [Process Sandboxing](sandbox.md) document.
 :::info
 

lib/browser/.eslintrc.json

@@ -18,4 +18,4 @@
       }
     ]
   }
-}
+}

lib/common/.eslintrc.json

@@ -0,0 +1,23 @@
+{
+  "rules": {
+    "no-restricted-imports": [
+      "error",
+      {
+        "paths": [
+          "electron",
+          "electron/main",
+          "electron/renderer"
+        ],
+        "patterns": [
+          "./*",
+          "../*",
+          "@electron/internal/browser/*",
+          "@electron/internal/isolated_renderer/*",
+          "@electron/internal/renderer/*",
+          "@electron/internal/sandboxed_worker/*",
+          "@electron/internal/worker/*"
+        ]
+      }
+    ]
+  }
+}

lib/common/api/clipboard.ts

@@ -1,5 +1,6 @@
 import { IPC_MESSAGES } from '@electron/internal/common/ipc-messages';
 
+// eslint-disable-next-line no-restricted-imports
 import type * as ipcRendererUtilsModule from '@electron/internal/renderer/ipc-renderer-internal-utils';
 
 const clipboard = process._linkedBinding('electron_common_clipboard');

lib/isolated_renderer/.eslintrc.json

@@ -0,0 +1,18 @@
+{
+  "rules": {
+    "no-restricted-imports": [
+      "error",
+      {
+        "paths": [
+          "electron",
+          "electron/main"
+        ],
+        "patterns": [
+          "./*",
+          "../*",
+          "@electron/internal/browser/*"
+        ]
+      }
+    ]
+  }
+}

lib/renderer/.eslintrc.json

@@ -0,0 +1,18 @@
+{
+  "rules": {
+    "no-restricted-imports": [
+      "error",
+      {
+        "paths": [
+          "electron",
+          "electron/main"
+        ],
+        "patterns": [
+          "./*",
+          "../*",
+          "@electron/internal/browser/*"
+        ]
+      }
+    ]
+  }
+}

lib/renderer/common-init.ts

@@ -1,4 +1,4 @@
-import { ipcRenderer } from 'electron';
+import { ipcRenderer } from 'electron/renderer';
 import { ipcRendererInternal } from '@electron/internal/renderer/ipc-renderer-internal';
 
 import type * as webViewInitModule from '@electron/internal/renderer/web-view/web-view-init';

lib/renderer/inspector.ts

@@ -2,7 +2,7 @@ import { internalContextBridge } from '@electron/internal/renderer/api/context-b
 import { ipcRendererInternal } from '@electron/internal/renderer/ipc-renderer-internal';
 import * as ipcRendererUtils from '@electron/internal/renderer/ipc-renderer-internal-utils';
 import { webFrame } from 'electron/renderer';
-import { IPC_MESSAGES } from '../common/ipc-messages';
+import { IPC_MESSAGES } from '@electron/internal/common/ipc-messages';
 
 const { contextIsolationEnabled } = internalContextBridge;
 

lib/renderer/web-frame-init.ts

@@ -1,4 +1,4 @@
-import { webFrame, WebFrame } from 'electron';
+import { webFrame, WebFrame } from 'electron/renderer';
 import * as ipcRendererUtils from '@electron/internal/renderer/ipc-renderer-internal-utils';
 import { IPC_MESSAGES } from '@electron/internal/common/ipc-messages';
 

lib/sandboxed_renderer/.eslintrc.json

@@ -0,0 +1,18 @@
+{
+  "rules": {
+    "no-restricted-imports": [
+      "error",
+      {
+        "paths": [
+          "electron",
+          "electron/main"
+        ],
+        "patterns": [
+          "./*",
+          "../*",
+          "@electron/internal/browser/*"
+        ]
+      }
+    ]
+  }
+}

lib/worker/.eslintrc.json

@@ -0,0 +1,18 @@
+{
+  "rules": {
+    "no-restricted-imports": [
+      "error",
+      {
+        "paths": [
+          "electron",
+          "electron/main"
+        ],
+        "patterns": [
+          "./*",
+          "../*",
+          "@electron/internal/browser/*"
+        ]
+      }
+    ]
+  }
+}

package.json

@@ -1,6 +1,6 @@
 {
   "name": "electron",
-  "version": "21.0.0-beta.5",
+  "version": "21.0.0-beta.7",
   "repository": "https://github.com/electron/electron",
   "description": "Build cross platform desktop apps with JavaScript, HTML, and CSS",
   "devDependencies": {

patches/chromium/.patches

@@ -121,4 +121,5 @@ fix_revert_emulationhandler_update_functions_to_early_return.patch
 fix_return_v8_value_from_localframe_requestexecutescript.patch
 disable_optimization_guide_for_preconnect_feature.patch
 fix_the_gn_gen_for_components_segmentation_platform.patch
+fix_crash_loading_non-standard_schemes_in_iframes.patch
 create_browser_v8_snapshot_file_name_fuse.patch

patches/chromium/fix_crash_loading_non-standard_schemes_in_iframes.patch

@@ -0,0 +1,78 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Shelley Vohr <shelley.vohr@gmail.com>
+Date: Mon, 29 Aug 2022 11:44:57 +0200
+Subject: fix: crash loading non-standard schemes in iframes
+
+This fixes a crash that occurs when loading non-standard schemes from
+iframes or webviews. This was happening because
+ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin contains explicit
+exceptions to allow built-in non-standard schemes, but does not check
+for non-standard schemes registered by the embedder.
+
+Upstream, https://bugs.chromium.org/p/chromium/issues/detail?id=1081397
+contains several paths forward - here I chose to swap out the
+CHECK in navigation_request.cc from policy->CanAccessDataForOrigin to
+policy->CanCommitOriginAndUrl.
+
+Upstreamed at https://chromium-review.googlesource.com/c/chromium/src/+/3856266.
+
+diff --git a/content/browser/renderer_host/navigation_request.cc b/content/browser/renderer_host/navigation_request.cc
+index 37434a26db44ed035fcbebd9febbda10efa859da..060b310d38db85944e37b8a202493212106d8946 100644
+--- a/content/browser/renderer_host/navigation_request.cc
++++ b/content/browser/renderer_host/navigation_request.cc
+@@ -6573,10 +6573,11 @@ std::pair<url::Origin, std::string> NavigationRequest::
+   if (IsForMhtmlSubframe())
+     return origin_with_debug_info;
+
+-  int process_id = GetRenderFrameHost()->GetProcess()->GetID();
+-  auto* policy = ChildProcessSecurityPolicyImpl::GetInstance();
+-  CHECK(
+-      policy->CanAccessDataForOrigin(process_id, origin_with_debug_info.first));
++  CanCommitStatus can_commit = GetRenderFrameHost()->CanCommitOriginAndUrl(
++    origin_with_debug_info.first, GetURL(), IsSameDocument(), IsPdf(),
++    GetUrlInfo().is_sandboxed);
++  CHECK_EQ(CanCommitStatus::CAN_COMMIT_ORIGIN_AND_URL, can_commit);
++
+   return origin_with_debug_info;
+ }
+
+diff --git a/content/browser/renderer_host/render_frame_host_impl.h b/content/browser/renderer_host/render_frame_host_impl.h
+index 6aff64db8cc09f95d658fe9e0bd54c0b4c6ff433..e1dda0c951f9ea6f28b6d43ab2b9d4481f5d7773 100644
+--- a/content/browser/renderer_host/render_frame_host_impl.h
++++ b/content/browser/renderer_host/render_frame_host_impl.h
+@@ -2557,6 +2557,17 @@ class CONTENT_EXPORT RenderFrameHostImpl
+     HandleAXEvents(tree_id, std::move(updates_and_events), reset_token);
+   }
+
++  // Returns whether the given origin and URL is allowed to commit in the
++  // current RenderFrameHost. The |url| is used to ensure it matches the origin
++  // in cases where it is applicable. This is a more conservative check than
++  // RenderProcessHost::FilterURL, since it will be used to kill processes that
++  // commit unauthorized origins.
++  CanCommitStatus CanCommitOriginAndUrl(const url::Origin& origin,
++                                        const GURL& url,
++                                        bool is_same_document_navigation,
++                                        bool is_pdf,
++                                        bool is_sandboxed);
++
+  protected:
+   friend class RenderFrameHostFactory;
+
+@@ -2892,17 +2903,6 @@ class CONTENT_EXPORT RenderFrameHostImpl
+   // relevant.
+   void ResetWaitingState();
+
+-  // Returns whether the given origin and URL is allowed to commit in the
+-  // current RenderFrameHost. The |url| is used to ensure it matches the origin
+-  // in cases where it is applicable. This is a more conservative check than
+-  // RenderProcessHost::FilterURL, since it will be used to kill processes that
+-  // commit unauthorized origins.
+-  CanCommitStatus CanCommitOriginAndUrl(const url::Origin& origin,
+-                                        const GURL& url,
+-                                        bool is_same_document_navigation,
+-                                        bool is_pdf,
+-                                        bool is_sandboxed);
+-
+   // Returns whether a subframe navigation request should be allowed to commit
+   // to the current RenderFrameHost.
+   bool CanSubframeCommitOriginAndUrl(NavigationRequest* navigation_request);

patches/node/fix_crash_caused_by_gethostnamew_on_windows_7.patch

@@ -6,7 +6,7 @@ Subject: fix: crash caused by GetHostNameW on Windows 7
 Backported from https://github.com/libuv/libuv/pull/3285.
 
 diff --git a/deps/uv/src/win/util.c b/deps/uv/src/win/util.c
-index 33e874ac442f88b58d2b68c8ec9764f6f664552e..2d4cc0aaa02e61bf359e80eca27527efb49fd85e 100644
+index 33e874ac442f88b58d2b68c8ec9764f6f664552e..37ece5e2867ab836492a8b7faa0aa5e1b8e562f0 100644
 --- a/deps/uv/src/win/util.c
 +++ b/deps/uv/src/win/util.c
 @@ -37,6 +37,7 @@
@@ -166,3 +166,17 @@ index 33e874ac442f88b58d2b68c8ec9764f6f664552e..2d4cc0aaa02e61bf359e80eca27527ef
  int uv_os_gethostname(char* buffer, size_t* size) {
    WCHAR buf[UV_MAXHOSTNAMESIZE];
    size_t len;
+@@ -1674,10 +1803,10 @@ int uv_os_gethostname(char* buffer, size_t* size) {
+
+   uv__once_init(); /* Initialize winsock */
+
+-  if (pGetHostNameW == NULL)
+-    return UV_ENOSYS;
++  uv_sGetHostNameW gethostnamew =
++      pGetHostNameW == NULL ? uv__gethostnamew_nt60 : pGetHostNameW;
+
+-  if (pGetHostNameW(buf, UV_MAXHOSTNAMESIZE) != 0)
++  if (gethostnamew(buf, UV_MAXHOSTNAMESIZE) != 0)
+     return uv_translate_sys_error(WSAGetLastError());
+
+   convert_result = uv__convert_utf16_to_utf8(buf, -1, &utf8_str);

patches/node/fix_suppress_clang_-wdeprecated-declarations_in_libuv.patch

@@ -6,7 +6,7 @@ Subject: fix: suppress clang -Wdeprecated-declarations in libuv
 Should be upstreamed.
 
 diff --git a/deps/uv/src/win/util.c b/deps/uv/src/win/util.c
-index 2d4cc0aaa02e61bf359e80eca27527efb49fd85e..aaa16052e2a9c7d1dca82763c41c0890371f1471 100644
+index 37ece5e2867ab836492a8b7faa0aa5e1b8e562f0..d50296728f7e0810064647125a469f3ed714f8ea 100644
 --- a/deps/uv/src/win/util.c
 +++ b/deps/uv/src/win/util.c
 @@ -1950,10 +1950,17 @@ int uv_os_uname(uv_utsname_t* buffer) {

script/check-symlinks.js

@@ -2,13 +2,14 @@ const fs = require('fs');
 const path = require('path');
 
 const utils = require('./lib/utils');
+const branding = require('../shell/app/BRANDING.json');
 
 if (process.platform !== 'darwin') {
   console.log('Not checking symlinks on non-darwin platform');
   process.exit(0);
 }
 
-const appPath = path.resolve(__dirname, '..', '..', 'out', utils.getOutDir(), 'Electron.app');
+const appPath = path.resolve(__dirname, '..', '..', 'out', utils.getOutDir(), `${branding.product_name}.app`);
 const visited = new Set();
 const traverse = (p) => {
   if (visited.has(p)) return;

shell/browser/api/electron_api_web_contents.cc

@@ -143,6 +143,10 @@
 #include "shell/browser/osr/osr_web_contents_view.h"
 #endif
 
+#if BUILDFLAG(IS_WIN)
+#include "shell/browser/native_window_views.h"
+#endif
+
 #if !BUILDFLAG(IS_MAC)
 #include "ui/aura/window.h"
 #else
@@ -175,9 +179,8 @@
 
 #if BUILDFLAG(IS_WIN)
 #include "printing/backend/win_helper.h"
-#include "shell/browser/native_window_views.h"
-#endif
 #endif
+#endif  // BUILDFLAG(ENABLE_PRINTING)
 
 #if BUILDFLAG(ENABLE_PICTURE_IN_PICTURE)
 #include "chrome/browser/picture_in_picture/picture_in_picture_window_manager.h"

shell/browser/api/electron_api_web_frame_main.cc

@@ -296,6 +296,12 @@ GURL WebFrameMain::URL() const {
   return render_frame_->GetLastCommittedURL();
 }
 
+std::string WebFrameMain::Origin() const {
+  if (!CheckRenderFrame())
+    return std::string();
+  return render_frame_->GetLastCommittedOrigin().Serialize();
+}
+
 blink::mojom::PageVisibilityState WebFrameMain::VisibilityState() const {
   if (!CheckRenderFrame())
     return blink::mojom::PageVisibilityState::kHidden;
@@ -397,6 +403,7 @@ v8::Local<v8::ObjectTemplate> WebFrameMain::FillObjectTemplate(
       .SetProperty("processId", &WebFrameMain::ProcessID)
       .SetProperty("routingId", &WebFrameMain::RoutingID)
       .SetProperty("url", &WebFrameMain::URL)
+      .SetProperty("origin", &WebFrameMain::Origin)
       .SetProperty("visibilityState", &WebFrameMain::VisibilityState)
       .SetProperty("top", &WebFrameMain::Top)
       .SetProperty("parent", &WebFrameMain::Parent)

shell/browser/api/electron_api_web_frame_main.h

@@ -109,6 +109,7 @@ class WebFrameMain : public gin::Wrappable<WebFrameMain>,
   int ProcessID() const;
   int RoutingID() const;
   GURL URL() const;
+  std::string Origin() const;
   blink::mojom::PageVisibilityState VisibilityState() const;
 
   content::RenderFrameHost* Top() const;

shell/browser/resources/win/electron.rc

@@ -50,8 +50,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 21,0,0,5
- PRODUCTVERSION 21,0,0,5
+ FILEVERSION 21,0,0,7
+ PRODUCTVERSION 21,0,0,7
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L

shell/browser/serial/electron_serial_delegate.cc

@@ -66,16 +66,18 @@ device::mojom::SerialPortManager* ElectronSerialDelegate::GetPortManager(
   return GetChooserContext(frame)->GetPortManager();
 }
 
-void ElectronSerialDelegate::AddObserver(content::RenderFrameHost* frame,
-                                         Observer* observer) {
+void ElectronSerialDelegate::AddObserver(
+    content::RenderFrameHost* frame,
+    content::SerialDelegate::Observer* observer) {
   observer_list_.AddObserver(observer);
   auto* chooser_context = GetChooserContext(frame);
   if (!port_observation_.IsObserving())
     port_observation_.Observe(chooser_context);
 }
 
-void ElectronSerialDelegate::RemoveObserver(content::RenderFrameHost* frame,
-                                            Observer* observer) {
+void ElectronSerialDelegate::RemoveObserver(
+    content::RenderFrameHost* frame,
+    content::SerialDelegate::Observer* observer) {
   observer_list_.RemoveObserver(observer);
 }