From cb08a466ac9bb9819dbffdbf93e4255aad51e865 Mon Sep 17 00:00:00 2001 From: Sudowoodo Release Bot <88427002+sudowoodo-release-bot[bot]@users.noreply.github.com> Date: Thu, 15 Sep 2022 13:31:46 -0700 Subject: [PATCH 01/12] Bump v21.0.0-beta.6 --- ELECTRON_VERSION | 2 +- package.json | 2 +- shell/browser/resources/win/electron.rc | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ELECTRON_VERSION b/ELECTRON_VERSION index c8bf94a544abf..680e9b9bea5b6 100644 --- a/ELECTRON_VERSION +++ b/ELECTRON_VERSION @@ -1 +1 @@ -21.0.0-beta.5 \ No newline at end of file +21.0.0-beta.6 \ No newline at end of file diff --git a/package.json b/package.json index 2b7bacaa6deb2..cac68d5f4f9c3 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "electron", - "version": "21.0.0-beta.5", + "version": "21.0.0-beta.6", "repository": "https://github.com/electron/electron", "description": "Build cross platform desktop apps with JavaScript, HTML, and CSS", "devDependencies": { diff --git a/shell/browser/resources/win/electron.rc b/shell/browser/resources/win/electron.rc index b2beab41c0377..4bfcbdf9c74ce 100644 --- a/shell/browser/resources/win/electron.rc +++ b/shell/browser/resources/win/electron.rc @@ -50,8 +50,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 21,0,0,5 - PRODUCTVERSION 21,0,0,5 + FILEVERSION 21,0,0,6 + PRODUCTVERSION 21,0,0,6 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L From c5e920e361bce1abb4beaa2569535fa970985753 Mon Sep 17 00:00:00 2001 From: "trop[bot]" <37223003+trop[bot]@users.noreply.github.com> Date: Thu, 15 Sep 2022 14:05:12 -0700 Subject: [PATCH 02/12] build: make check-symlinks.js aware of BRANDING.json changes (#35669) Right now the `check-symlinks.js` assumes that the branding product name is "Electron". If users change `BRANDING.json` on custom builds, the script will fail. Signed-off-by: Juan Cruz Viotti Signed-off-by: Juan Cruz Viotti Co-authored-by: Juan Cruz Viotti --- script/check-symlinks.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/script/check-symlinks.js b/script/check-symlinks.js index db422bb6dc7e6..c68e2ac27eb82 100644 --- a/script/check-symlinks.js +++ b/script/check-symlinks.js @@ -2,13 +2,14 @@ const fs = require('fs'); const path = require('path'); const utils = require('./lib/utils'); +const branding = require('../shell/app/BRANDING.json'); if (process.platform !== 'darwin') { console.log('Not checking symlinks on non-darwin platform'); process.exit(0); } -const appPath = path.resolve(__dirname, '..', '..', 'out', utils.getOutDir(), 'Electron.app'); +const appPath = path.resolve(__dirname, '..', '..', 'out', utils.getOutDir(), `${branding.product_name}.app`); const visited = new Set(); const traverse = (p) => { if (visited.has(p)) return; From b5cf0ad9710d0c36f51d9cbcb3dff927ba951093 Mon Sep 17 00:00:00 2001 From: "trop[bot]" <37223003+trop[bot]@users.noreply.github.com> Date: Thu, 15 Sep 2022 15:20:20 -0700 Subject: [PATCH 03/12] feat: webFrameMain.origin (#35534) * feat: webFrameMain.origin * add tests * update docs * fix spec Co-authored-by: Jeremy Rose Co-authored-by: Milan Burda --- docs/api/web-frame-main.md | 10 +++ .../api/electron_api_web_frame_main.cc | 7 ++ .../browser/api/electron_api_web_frame_main.h | 1 + spec-main/api-web-frame-main-spec.ts | 78 +++++++++++++++---- 4 files changed, 82 insertions(+), 14 deletions(-) diff --git a/docs/api/web-frame-main.md b/docs/api/web-frame-main.md index 8ce004b6e9172..3d3b87b354028 100644 --- a/docs/api/web-frame-main.md +++ b/docs/api/web-frame-main.md @@ -169,6 +169,16 @@ convenient when `nodeIntegrationInSubFrames` is not enabled. A `string` representing the current URL of the frame. +#### `frame.origin` _Readonly_ + +A `string` representing the current origin of the frame, serialized according +to [RFC 6454](https://www.rfc-editor.org/rfc/rfc6454). This may be different +from the URL. For instance, if the frame is a child window opened to +`about:blank`, then `frame.origin` will return the parent frame's origin, while +`frame.url` will return the empty string. Pages without a scheme/host/port +triple origin will have the serialized origin of `"null"` (that is, the string +containing the letters n, u, l, l). + #### `frame.top` _Readonly_ A `WebFrameMain | null` representing top frame in the frame hierarchy to which `frame` diff --git a/shell/browser/api/electron_api_web_frame_main.cc b/shell/browser/api/electron_api_web_frame_main.cc index 178d3e30bda98..0c92c632f3909 100644 --- a/shell/browser/api/electron_api_web_frame_main.cc +++ b/shell/browser/api/electron_api_web_frame_main.cc @@ -296,6 +296,12 @@ GURL WebFrameMain::URL() const { return render_frame_->GetLastCommittedURL(); } +std::string WebFrameMain::Origin() const { + if (!CheckRenderFrame()) + return std::string(); + return render_frame_->GetLastCommittedOrigin().Serialize(); +} + blink::mojom::PageVisibilityState WebFrameMain::VisibilityState() const { if (!CheckRenderFrame()) return blink::mojom::PageVisibilityState::kHidden; @@ -397,6 +403,7 @@ v8::Local WebFrameMain::FillObjectTemplate( .SetProperty("processId", &WebFrameMain::ProcessID) .SetProperty("routingId", &WebFrameMain::RoutingID) .SetProperty("url", &WebFrameMain::URL) + .SetProperty("origin", &WebFrameMain::Origin) .SetProperty("visibilityState", &WebFrameMain::VisibilityState) .SetProperty("top", &WebFrameMain::Top) .SetProperty("parent", &WebFrameMain::Parent) diff --git a/shell/browser/api/electron_api_web_frame_main.h b/shell/browser/api/electron_api_web_frame_main.h index e8f1715ab83a2..32e5e351d505d 100644 --- a/shell/browser/api/electron_api_web_frame_main.h +++ b/shell/browser/api/electron_api_web_frame_main.h @@ -109,6 +109,7 @@ class WebFrameMain : public gin::Wrappable, int ProcessID() const; int RoutingID() const; GURL URL() const; + std::string Origin() const; blink::mojom::PageVisibilityState VisibilityState() const; content::RenderFrameHost* Top() const; diff --git a/spec-main/api-web-frame-main-spec.ts b/spec-main/api-web-frame-main-spec.ts index 1bc812832fad5..9ce8f071e2f17 100644 --- a/spec-main/api-web-frame-main-spec.ts +++ b/spec-main/api-web-frame-main-spec.ts @@ -2,11 +2,11 @@ import { expect } from 'chai'; import * as http from 'http'; import * as path from 'path'; import * as url from 'url'; -import { BrowserWindow, WebFrameMain, webFrameMain, ipcMain } from 'electron/main'; +import { BrowserWindow, WebFrameMain, webFrameMain, ipcMain, app, WebContents } from 'electron/main'; import { closeAllWindows } from './window-helpers'; import { emittedOnce, emittedNTimes } from './events-helpers'; import { AddressInfo } from 'net'; -import { ifit, waitUntil } from './spec-helpers'; +import { defer, ifit, waitUntil } from './spec-helpers'; describe('webFrameMain module', () => { const fixtures = path.resolve(__dirname, '..', 'spec-main', 'fixtures'); @@ -39,7 +39,7 @@ describe('webFrameMain module', () => { let webFrame: WebFrameMain; beforeEach(async () => { - w = new BrowserWindow({ show: false, webPreferences: { contextIsolation: true } }); + w = new BrowserWindow({ show: false }); await w.loadFile(path.join(subframesPath, 'frame-with-frame-container.html')); webFrame = w.webContents.mainFrame; }); @@ -88,8 +88,8 @@ describe('webFrameMain module', () => { }); describe('cross-origin', () => { - let serverA = null as unknown as Server; - let serverB = null as unknown as Server; + let serverA: Server; + let serverB: Server; before(async () => { serverA = await createServer(); @@ -112,7 +112,7 @@ describe('webFrameMain module', () => { describe('WebFrame.url', () => { it('should report correct address for each subframe', async () => { - const w = new BrowserWindow({ show: false, webPreferences: { contextIsolation: true } }); + const w = new BrowserWindow({ show: false }); await w.loadFile(path.join(subframesPath, 'frame-with-frame-container.html')); const webFrame = w.webContents.mainFrame; @@ -122,9 +122,59 @@ describe('webFrameMain module', () => { }); }); + describe('WebFrame.origin', () => { + it('should be null for a fresh WebContents', () => { + const w = new BrowserWindow({ show: false }); + expect(w.webContents.mainFrame.origin).to.equal('null'); + }); + + it('should be file:// for file frames', async () => { + const w = new BrowserWindow({ show: false }); + await w.loadFile(path.join(fixtures, 'blank.html')); + expect(w.webContents.mainFrame.origin).to.equal('file://'); + }); + + it('should be http:// for an http frame', async () => { + const w = new BrowserWindow({ show: false }); + const s = await createServer(); + defer(() => s.server.close()); + await w.loadURL(s.url); + expect(w.webContents.mainFrame.origin).to.equal(s.url.replace(/\/$/, '')); + }); + + it('should show parent origin when child page is about:blank', async () => { + const w = new BrowserWindow({ show: false }); + await w.loadFile(path.join(fixtures, 'blank.html')); + const webContentsCreated: Promise<[unknown, WebContents]> = emittedOnce(app, 'web-contents-created') as any; + expect(w.webContents.mainFrame.origin).to.equal('file://'); + await w.webContents.executeJavaScript('window.open("", null, "show=false"), null'); + const [, childWebContents] = await webContentsCreated; + expect(childWebContents.mainFrame.origin).to.equal('file://'); + }); + + it('should show parent frame\'s origin when about:blank child window opened through cross-origin subframe', async () => { + const w = new BrowserWindow({ show: false }); + const serverA = await createServer(); + const serverB = await createServer(); + defer(() => { + serverA.server.close(); + serverB.server.close(); + }); + await w.loadURL(serverA.url + '?frameSrc=' + encodeURIComponent(serverB.url)); + const { mainFrame } = w.webContents; + expect(mainFrame.origin).to.equal(serverA.url.replace(/\/$/, '')); + const [childFrame] = mainFrame.frames; + expect(childFrame.origin).to.equal(serverB.url.replace(/\/$/, '')); + const webContentsCreated: Promise<[unknown, WebContents]> = emittedOnce(app, 'web-contents-created') as any; + await childFrame.executeJavaScript('window.open("", null, "show=false"), null'); + const [, childWebContents] = await webContentsCreated; + expect(childWebContents.mainFrame.origin).to.equal(childFrame.origin); + }); + }); + describe('WebFrame IDs', () => { it('has properties for various identifiers', async () => { - const w = new BrowserWindow({ show: false, webPreferences: { contextIsolation: true } }); + const w = new BrowserWindow({ show: false }); await w.loadFile(path.join(subframesPath, 'frame.html')); const webFrame = w.webContents.mainFrame; expect(webFrame).to.have.ownProperty('url').that.is.a('string'); @@ -154,7 +204,7 @@ describe('webFrameMain module', () => { describe('WebFrame.executeJavaScript', () => { it('can inject code into any subframe', async () => { - const w = new BrowserWindow({ show: false, webPreferences: { contextIsolation: true } }); + const w = new BrowserWindow({ show: false }); await w.loadFile(path.join(subframesPath, 'frame-with-frame-container.html')); const webFrame = w.webContents.mainFrame; @@ -165,7 +215,7 @@ describe('webFrameMain module', () => { }); it('can resolve promise', async () => { - const w = new BrowserWindow({ show: false, webPreferences: { contextIsolation: true } }); + const w = new BrowserWindow({ show: false }); await w.loadFile(path.join(subframesPath, 'frame.html')); const webFrame = w.webContents.mainFrame; const p = () => webFrame.executeJavaScript('new Promise(resolve => setTimeout(resolve(42), 2000));'); @@ -174,7 +224,7 @@ describe('webFrameMain module', () => { }); it('can reject with error', async () => { - const w = new BrowserWindow({ show: false, webPreferences: { contextIsolation: true } }); + const w = new BrowserWindow({ show: false }); await w.loadFile(path.join(subframesPath, 'frame.html')); const webFrame = w.webContents.mainFrame; const p = () => webFrame.executeJavaScript('new Promise((r,e) => setTimeout(e("error!"), 500));'); @@ -195,7 +245,7 @@ describe('webFrameMain module', () => { }); it('can reject when script execution fails', async () => { - const w = new BrowserWindow({ show: false, webPreferences: { contextIsolation: true } }); + const w = new BrowserWindow({ show: false }); await w.loadFile(path.join(subframesPath, 'frame.html')); const webFrame = w.webContents.mainFrame; const p = () => webFrame.executeJavaScript('console.log(test)'); @@ -205,7 +255,7 @@ describe('webFrameMain module', () => { describe('WebFrame.reload', () => { it('reloads a frame', async () => { - const w = new BrowserWindow({ show: false, webPreferences: { contextIsolation: true } }); + const w = new BrowserWindow({ show: false }); await w.loadFile(path.join(subframesPath, 'frame.html')); const webFrame = w.webContents.mainFrame; @@ -238,7 +288,7 @@ describe('webFrameMain module', () => { let w: BrowserWindow; beforeEach(async () => { - w = new BrowserWindow({ show: false, webPreferences: { contextIsolation: true } }); + w = new BrowserWindow({ show: false }); }); // TODO(jkleinsc) fix this flaky test on linux @@ -301,7 +351,7 @@ describe('webFrameMain module', () => { }); it('can find each frame from navigation events', async () => { - const w = new BrowserWindow({ show: false, webPreferences: { contextIsolation: true } }); + const w = new BrowserWindow({ show: false }); // frame-with-frame-container.html, frame-with-frame.html, frame.html const didFrameFinishLoad = emittedNTimes(w.webContents, 'did-frame-finish-load', 3); From 99d9537ef72511da49e1e9df6dbf84fca055cc56 Mon Sep 17 00:00:00 2001 From: "trop[bot]" <37223003+trop[bot]@users.noreply.github.com> Date: Thu, 15 Sep 2022 15:20:47 -0700 Subject: [PATCH 04/12] build: fix building with enable_basic_printing false (#35693) Co-authored-by: Milan Burda --- shell/browser/api/electron_api_web_contents.cc | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/shell/browser/api/electron_api_web_contents.cc b/shell/browser/api/electron_api_web_contents.cc index e74f2523d5d5e..ed4e6c6825324 100644 --- a/shell/browser/api/electron_api_web_contents.cc +++ b/shell/browser/api/electron_api_web_contents.cc @@ -143,6 +143,10 @@ #include "shell/browser/osr/osr_web_contents_view.h" #endif +#if BUILDFLAG(IS_WIN) +#include "shell/browser/native_window_views.h" +#endif + #if !BUILDFLAG(IS_MAC) #include "ui/aura/window.h" #else @@ -175,9 +179,8 @@ #if BUILDFLAG(IS_WIN) #include "printing/backend/win_helper.h" -#include "shell/browser/native_window_views.h" -#endif #endif +#endif // BUILDFLAG(ENABLE_PRINTING) #if BUILDFLAG(ENABLE_PICTURE_IN_PICTURE) #include "chrome/browser/picture_in_picture/picture_in_picture_window_manager.h" From 8b6b8824876d18a9d8473dff2316b54ab9b7a4c7 Mon Sep 17 00:00:00 2001 From: Sudowoodo Release Bot <88427002+sudowoodo-release-bot[bot]@users.noreply.github.com> Date: Mon, 19 Sep 2022 06:30:51 -0700 Subject: [PATCH 05/12] Bump v21.0.0-beta.7 --- ELECTRON_VERSION | 2 +- package.json | 2 +- shell/browser/resources/win/electron.rc | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ELECTRON_VERSION b/ELECTRON_VERSION index 680e9b9bea5b6..f170e99978b5b 100644 --- a/ELECTRON_VERSION +++ b/ELECTRON_VERSION @@ -1 +1 @@ -21.0.0-beta.6 \ No newline at end of file +21.0.0-beta.7 \ No newline at end of file diff --git a/package.json b/package.json index cac68d5f4f9c3..efcaeac7e2924 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "electron", - "version": "21.0.0-beta.6", + "version": "21.0.0-beta.7", "repository": "https://github.com/electron/electron", "description": "Build cross platform desktop apps with JavaScript, HTML, and CSS", "devDependencies": { diff --git a/shell/browser/resources/win/electron.rc b/shell/browser/resources/win/electron.rc index 4bfcbdf9c74ce..e1b5e1c888e5e 100644 --- a/shell/browser/resources/win/electron.rc +++ b/shell/browser/resources/win/electron.rc @@ -50,8 +50,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 21,0,0,6 - PRODUCTVERSION 21,0,0,6 + FILEVERSION 21,0,0,7 + PRODUCTVERSION 21,0,0,7 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L From 64b5d7be2efc48e30c9b5fb3094f48c640a25f7d Mon Sep 17 00:00:00 2001 From: "trop[bot]" <37223003+trop[bot]@users.noreply.github.com> Date: Mon, 19 Sep 2022 10:27:52 -0400 Subject: [PATCH 06/12] build: update `.nvmrc` Node.js version from 14 to 16 (#35700) Update `.nvmrc` Node.js version from 14 to 16 The `DEPS` file states that Electron is on Node.js ^16.x. I am guessing that the PR bumping to Node.js 16 overlooked the `.nvmrc` file, which is updated in this PR. If leaving the `.nvmrc` file on 14 was intentional, please disregard this PR. Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com> --- .nvmrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.nvmrc b/.nvmrc index 8351c19397f4f..b6a7d89c68e0c 100644 --- a/.nvmrc +++ b/.nvmrc @@ -1 +1 @@ -14 +16 From a1789897d3311fa308e8b9efdece9ce9c1aef543 Mon Sep 17 00:00:00 2001 From: "trop[bot]" <37223003+trop[bot]@users.noreply.github.com> Date: Mon, 19 Sep 2022 08:31:58 -0700 Subject: [PATCH 07/12] fix: uv_os_gethostname failing on Windows 7 (libuv patch regression) (#35704) Co-authored-by: Milan Burda --- ...ash_caused_by_gethostnamew_on_windows_7.patch | 16 +++++++++++++++- ...lang_-wdeprecated-declarations_in_libuv.patch | 2 +- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/patches/node/fix_crash_caused_by_gethostnamew_on_windows_7.patch b/patches/node/fix_crash_caused_by_gethostnamew_on_windows_7.patch index 5ebadbf25bec8..8d1899062c761 100644 --- a/patches/node/fix_crash_caused_by_gethostnamew_on_windows_7.patch +++ b/patches/node/fix_crash_caused_by_gethostnamew_on_windows_7.patch @@ -6,7 +6,7 @@ Subject: fix: crash caused by GetHostNameW on Windows 7 Backported from https://github.com/libuv/libuv/pull/3285. diff --git a/deps/uv/src/win/util.c b/deps/uv/src/win/util.c -index 33e874ac442f88b58d2b68c8ec9764f6f664552e..2d4cc0aaa02e61bf359e80eca27527efb49fd85e 100644 +index 33e874ac442f88b58d2b68c8ec9764f6f664552e..37ece5e2867ab836492a8b7faa0aa5e1b8e562f0 100644 --- a/deps/uv/src/win/util.c +++ b/deps/uv/src/win/util.c @@ -37,6 +37,7 @@ @@ -166,3 +166,17 @@ index 33e874ac442f88b58d2b68c8ec9764f6f664552e..2d4cc0aaa02e61bf359e80eca27527ef int uv_os_gethostname(char* buffer, size_t* size) { WCHAR buf[UV_MAXHOSTNAMESIZE]; size_t len; +@@ -1674,10 +1803,10 @@ int uv_os_gethostname(char* buffer, size_t* size) { + + uv__once_init(); /* Initialize winsock */ + +- if (pGetHostNameW == NULL) +- return UV_ENOSYS; ++ uv_sGetHostNameW gethostnamew = ++ pGetHostNameW == NULL ? uv__gethostnamew_nt60 : pGetHostNameW; + +- if (pGetHostNameW(buf, UV_MAXHOSTNAMESIZE) != 0) ++ if (gethostnamew(buf, UV_MAXHOSTNAMESIZE) != 0) + return uv_translate_sys_error(WSAGetLastError()); + + convert_result = uv__convert_utf16_to_utf8(buf, -1, &utf8_str); diff --git a/patches/node/fix_suppress_clang_-wdeprecated-declarations_in_libuv.patch b/patches/node/fix_suppress_clang_-wdeprecated-declarations_in_libuv.patch index bb7df671a3957..a6ae0650793b4 100644 --- a/patches/node/fix_suppress_clang_-wdeprecated-declarations_in_libuv.patch +++ b/patches/node/fix_suppress_clang_-wdeprecated-declarations_in_libuv.patch @@ -6,7 +6,7 @@ Subject: fix: suppress clang -Wdeprecated-declarations in libuv Should be upstreamed. diff --git a/deps/uv/src/win/util.c b/deps/uv/src/win/util.c -index 2d4cc0aaa02e61bf359e80eca27527efb49fd85e..aaa16052e2a9c7d1dca82763c41c0890371f1471 100644 +index 37ece5e2867ab836492a8b7faa0aa5e1b8e562f0..d50296728f7e0810064647125a469f3ed714f8ea 100644 --- a/deps/uv/src/win/util.c +++ b/deps/uv/src/win/util.c @@ -1950,10 +1950,17 @@ int uv_os_uname(uv_utsname_t* buffer) { From 3437ffca8b6ab582b360a4a2f3372c140269a5b0 Mon Sep 17 00:00:00 2001 From: "trop[bot]" <37223003+trop[bot]@users.noreply.github.com> Date: Mon, 19 Sep 2022 16:50:46 -0400 Subject: [PATCH 08/12] fix: edge case in app.isInApplicationsFolder() (#35730) fix: edge case in app.isInApplicationsFolder() (#35636) * fix: edge case in IsInApplicationsFolder * use realpath instead * lint * revert lowercasing * optimize * Update shell/browser/ui/cocoa/electron_bundle_mover.mm * lint Co-authored-by: John Kleinschmidt Co-authored-by: Kishan Bagaria Co-authored-by: John Kleinschmidt --- shell/browser/ui/cocoa/electron_bundle_mover.mm | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/shell/browser/ui/cocoa/electron_bundle_mover.mm b/shell/browser/ui/cocoa/electron_bundle_mover.mm index 881b49c9fa467..57dcadc9932d9 100644 --- a/shell/browser/ui/cocoa/electron_bundle_mover.mm +++ b/shell/browser/ui/cocoa/electron_bundle_mover.mm @@ -182,18 +182,27 @@ return IsInApplicationsFolder([[NSBundle mainBundle] bundlePath]); } +NSString* resolvePath(NSString* path) { + NSString* standardizedPath = [path stringByStandardizingPath]; + char resolved[PATH_MAX]; + if (realpath([standardizedPath UTF8String], resolved) == NULL) + return path; + return @(resolved); +} + bool ElectronBundleMover::IsInApplicationsFolder(NSString* bundlePath) { // Check all the normal Application directories NSArray* applicationDirs = NSSearchPathForDirectoriesInDomains( NSApplicationDirectory, NSAllDomainsMask, true); + NSString* resolvedBundlePath = resolvePath(bundlePath); for (NSString* appDir in applicationDirs) { - if ([bundlePath hasPrefix:appDir]) + if ([resolvedBundlePath hasPrefix:appDir]) return true; } // Also, handle the case that the user has some other Application directory // (perhaps on a separate data partition). - if ([[bundlePath pathComponents] containsObject:@"Applications"]) + if ([[resolvedBundlePath pathComponents] containsObject:@"Applications"]) return true; return false; From f18485f8bf98739ede44c6235d92c7c389237736 Mon Sep 17 00:00:00 2001 From: "trop[bot]" <37223003+trop[bot]@users.noreply.github.com> Date: Tue, 20 Sep 2022 12:22:42 -0500 Subject: [PATCH 09/12] chore: fix ambiguous reference gcc compile error (#35734) Co-authored-by: Bruno Pitrus --- shell/browser/serial/electron_serial_delegate.cc | 10 ++++++---- shell/browser/serial/electron_serial_delegate.h | 4 ++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/shell/browser/serial/electron_serial_delegate.cc b/shell/browser/serial/electron_serial_delegate.cc index 2306be383db46..0c7f63d4ab9fe 100644 --- a/shell/browser/serial/electron_serial_delegate.cc +++ b/shell/browser/serial/electron_serial_delegate.cc @@ -66,16 +66,18 @@ device::mojom::SerialPortManager* ElectronSerialDelegate::GetPortManager( return GetChooserContext(frame)->GetPortManager(); } -void ElectronSerialDelegate::AddObserver(content::RenderFrameHost* frame, - Observer* observer) { +void ElectronSerialDelegate::AddObserver( + content::RenderFrameHost* frame, + content::SerialDelegate::Observer* observer) { observer_list_.AddObserver(observer); auto* chooser_context = GetChooserContext(frame); if (!port_observation_.IsObserving()) port_observation_.Observe(chooser_context); } -void ElectronSerialDelegate::RemoveObserver(content::RenderFrameHost* frame, - Observer* observer) { +void ElectronSerialDelegate::RemoveObserver( + content::RenderFrameHost* frame, + content::SerialDelegate::Observer* observer) { observer_list_.RemoveObserver(observer); } diff --git a/shell/browser/serial/electron_serial_delegate.h b/shell/browser/serial/electron_serial_delegate.h index 5876d7e511041..add2c4471f1e4 100644 --- a/shell/browser/serial/electron_serial_delegate.h +++ b/shell/browser/serial/electron_serial_delegate.h @@ -38,9 +38,9 @@ class ElectronSerialDelegate : public content::SerialDelegate, device::mojom::SerialPortManager* GetPortManager( content::RenderFrameHost* frame) override; void AddObserver(content::RenderFrameHost* frame, - Observer* observer) override; + content::SerialDelegate::Observer* observer) override; void RemoveObserver(content::RenderFrameHost* frame, - Observer* observer) override; + content::SerialDelegate::Observer* observer) override; void RevokePortPermissionWebInitiated( content::RenderFrameHost* frame, const base::UnguessableToken& token) override; From fc1d8a80e66cf442c915cce11f62b739ad429189 Mon Sep 17 00:00:00 2001 From: "trop[bot]" <37223003+trop[bot]@users.noreply.github.com> Date: Tue, 20 Sep 2022 22:04:31 -0500 Subject: [PATCH 10/12] chore: add missing .eslintrc.json files to limit imports properly (#35747) Co-authored-by: Milan Burda --- lib/browser/.eslintrc.json | 2 +- lib/common/.eslintrc.json | 23 +++++++++++++++++++++++ lib/common/api/clipboard.ts | 1 + lib/isolated_renderer/.eslintrc.json | 18 ++++++++++++++++++ lib/renderer/.eslintrc.json | 18 ++++++++++++++++++ lib/renderer/common-init.ts | 2 +- lib/renderer/inspector.ts | 2 +- lib/renderer/web-frame-init.ts | 2 +- lib/sandboxed_renderer/.eslintrc.json | 18 ++++++++++++++++++ lib/worker/.eslintrc.json | 18 ++++++++++++++++++ 10 files changed, 100 insertions(+), 4 deletions(-) create mode 100644 lib/common/.eslintrc.json create mode 100644 lib/isolated_renderer/.eslintrc.json create mode 100644 lib/renderer/.eslintrc.json create mode 100644 lib/sandboxed_renderer/.eslintrc.json create mode 100644 lib/worker/.eslintrc.json diff --git a/lib/browser/.eslintrc.json b/lib/browser/.eslintrc.json index 27d223a509d96..dab1dafc3f26e 100644 --- a/lib/browser/.eslintrc.json +++ b/lib/browser/.eslintrc.json @@ -18,4 +18,4 @@ } ] } -} \ No newline at end of file +} diff --git a/lib/common/.eslintrc.json b/lib/common/.eslintrc.json new file mode 100644 index 0000000000000..42964484b5c34 --- /dev/null +++ b/lib/common/.eslintrc.json @@ -0,0 +1,23 @@ +{ + "rules": { + "no-restricted-imports": [ + "error", + { + "paths": [ + "electron", + "electron/main", + "electron/renderer" + ], + "patterns": [ + "./*", + "../*", + "@electron/internal/browser/*", + "@electron/internal/isolated_renderer/*", + "@electron/internal/renderer/*", + "@electron/internal/sandboxed_worker/*", + "@electron/internal/worker/*" + ] + } + ] + } +} diff --git a/lib/common/api/clipboard.ts b/lib/common/api/clipboard.ts index dd03b4f279d68..55f7958bc7963 100644 --- a/lib/common/api/clipboard.ts +++ b/lib/common/api/clipboard.ts @@ -1,5 +1,6 @@ import { IPC_MESSAGES } from '@electron/internal/common/ipc-messages'; +// eslint-disable-next-line no-restricted-imports import type * as ipcRendererUtilsModule from '@electron/internal/renderer/ipc-renderer-internal-utils'; const clipboard = process._linkedBinding('electron_common_clipboard'); diff --git a/lib/isolated_renderer/.eslintrc.json b/lib/isolated_renderer/.eslintrc.json new file mode 100644 index 0000000000000..cb5f6cadaa4f3 --- /dev/null +++ b/lib/isolated_renderer/.eslintrc.json @@ -0,0 +1,18 @@ +{ + "rules": { + "no-restricted-imports": [ + "error", + { + "paths": [ + "electron", + "electron/main" + ], + "patterns": [ + "./*", + "../*", + "@electron/internal/browser/*" + ] + } + ] + } +} diff --git a/lib/renderer/.eslintrc.json b/lib/renderer/.eslintrc.json new file mode 100644 index 0000000000000..cb5f6cadaa4f3 --- /dev/null +++ b/lib/renderer/.eslintrc.json @@ -0,0 +1,18 @@ +{ + "rules": { + "no-restricted-imports": [ + "error", + { + "paths": [ + "electron", + "electron/main" + ], + "patterns": [ + "./*", + "../*", + "@electron/internal/browser/*" + ] + } + ] + } +} diff --git a/lib/renderer/common-init.ts b/lib/renderer/common-init.ts index 4ceff37416d59..bfec34419ddd3 100644 --- a/lib/renderer/common-init.ts +++ b/lib/renderer/common-init.ts @@ -1,4 +1,4 @@ -import { ipcRenderer } from 'electron'; +import { ipcRenderer } from 'electron/renderer'; import { ipcRendererInternal } from '@electron/internal/renderer/ipc-renderer-internal'; import type * as webViewInitModule from '@electron/internal/renderer/web-view/web-view-init'; diff --git a/lib/renderer/inspector.ts b/lib/renderer/inspector.ts index 346de2030ef40..8dd941d30619a 100644 --- a/lib/renderer/inspector.ts +++ b/lib/renderer/inspector.ts @@ -2,7 +2,7 @@ import { internalContextBridge } from '@electron/internal/renderer/api/context-b import { ipcRendererInternal } from '@electron/internal/renderer/ipc-renderer-internal'; import * as ipcRendererUtils from '@electron/internal/renderer/ipc-renderer-internal-utils'; import { webFrame } from 'electron/renderer'; -import { IPC_MESSAGES } from '../common/ipc-messages'; +import { IPC_MESSAGES } from '@electron/internal/common/ipc-messages'; const { contextIsolationEnabled } = internalContextBridge; diff --git a/lib/renderer/web-frame-init.ts b/lib/renderer/web-frame-init.ts index 37225cfb3428a..ac4db7f9a74dc 100644 --- a/lib/renderer/web-frame-init.ts +++ b/lib/renderer/web-frame-init.ts @@ -1,4 +1,4 @@ -import { webFrame, WebFrame } from 'electron'; +import { webFrame, WebFrame } from 'electron/renderer'; import * as ipcRendererUtils from '@electron/internal/renderer/ipc-renderer-internal-utils'; import { IPC_MESSAGES } from '@electron/internal/common/ipc-messages'; diff --git a/lib/sandboxed_renderer/.eslintrc.json b/lib/sandboxed_renderer/.eslintrc.json new file mode 100644 index 0000000000000..cb5f6cadaa4f3 --- /dev/null +++ b/lib/sandboxed_renderer/.eslintrc.json @@ -0,0 +1,18 @@ +{ + "rules": { + "no-restricted-imports": [ + "error", + { + "paths": [ + "electron", + "electron/main" + ], + "patterns": [ + "./*", + "../*", + "@electron/internal/browser/*" + ] + } + ] + } +} diff --git a/lib/worker/.eslintrc.json b/lib/worker/.eslintrc.json new file mode 100644 index 0000000000000..cb5f6cadaa4f3 --- /dev/null +++ b/lib/worker/.eslintrc.json @@ -0,0 +1,18 @@ +{ + "rules": { + "no-restricted-imports": [ + "error", + { + "paths": [ + "electron", + "electron/main" + ], + "patterns": [ + "./*", + "../*", + "@electron/internal/browser/*" + ] + } + ] + } +} From 0ced2338ea20a1c372bc8f06f19a44141f6086d8 Mon Sep 17 00:00:00 2001 From: "trop[bot]" <37223003+trop[bot]@users.noreply.github.com> Date: Wed, 21 Sep 2022 15:25:43 +0200 Subject: [PATCH 11/12] fix: crash loading non-standard schemes in iframes (#35517) * fix: crash loading non-standard schemes in iframes * test: move fixture to correct location * chore: update patches Co-authored-by: Shelley Vohr Co-authored-by: Charles Kerr Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com> --- patches/chromium/.patches | 1 + ...ding_non-standard_schemes_in_iframes.patch | 78 +++++++++++++++++++ spec-main/api-protocol-spec.ts | 23 +++++- spec-main/fixtures/pages/iframe-protocol.html | 11 +++ 4 files changed, 112 insertions(+), 1 deletion(-) create mode 100644 patches/chromium/fix_crash_loading_non-standard_schemes_in_iframes.patch create mode 100644 spec-main/fixtures/pages/iframe-protocol.html diff --git a/patches/chromium/.patches b/patches/chromium/.patches index e575ac484e854..14f516fa4dc37 100644 --- a/patches/chromium/.patches +++ b/patches/chromium/.patches @@ -121,3 +121,4 @@ fix_revert_emulationhandler_update_functions_to_early_return.patch fix_return_v8_value_from_localframe_requestexecutescript.patch disable_optimization_guide_for_preconnect_feature.patch fix_the_gn_gen_for_components_segmentation_platform.patch +fix_crash_loading_non-standard_schemes_in_iframes.patch diff --git a/patches/chromium/fix_crash_loading_non-standard_schemes_in_iframes.patch b/patches/chromium/fix_crash_loading_non-standard_schemes_in_iframes.patch new file mode 100644 index 0000000000000..84d7eb40925bc --- /dev/null +++ b/patches/chromium/fix_crash_loading_non-standard_schemes_in_iframes.patch @@ -0,0 +1,78 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Shelley Vohr +Date: Mon, 29 Aug 2022 11:44:57 +0200 +Subject: fix: crash loading non-standard schemes in iframes + +This fixes a crash that occurs when loading non-standard schemes from +iframes or webviews. This was happening because +ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin contains explicit +exceptions to allow built-in non-standard schemes, but does not check +for non-standard schemes registered by the embedder. + +Upstream, https://bugs.chromium.org/p/chromium/issues/detail?id=1081397 +contains several paths forward - here I chose to swap out the +CHECK in navigation_request.cc from policy->CanAccessDataForOrigin to +policy->CanCommitOriginAndUrl. + +Upstreamed at https://chromium-review.googlesource.com/c/chromium/src/+/3856266. + +diff --git a/content/browser/renderer_host/navigation_request.cc b/content/browser/renderer_host/navigation_request.cc +index 37434a26db44ed035fcbebd9febbda10efa859da..060b310d38db85944e37b8a202493212106d8946 100644 +--- a/content/browser/renderer_host/navigation_request.cc ++++ b/content/browser/renderer_host/navigation_request.cc +@@ -6573,10 +6573,11 @@ std::pair NavigationRequest:: + if (IsForMhtmlSubframe()) + return origin_with_debug_info; + +- int process_id = GetRenderFrameHost()->GetProcess()->GetID(); +- auto* policy = ChildProcessSecurityPolicyImpl::GetInstance(); +- CHECK( +- policy->CanAccessDataForOrigin(process_id, origin_with_debug_info.first)); ++ CanCommitStatus can_commit = GetRenderFrameHost()->CanCommitOriginAndUrl( ++ origin_with_debug_info.first, GetURL(), IsSameDocument(), IsPdf(), ++ GetUrlInfo().is_sandboxed); ++ CHECK_EQ(CanCommitStatus::CAN_COMMIT_ORIGIN_AND_URL, can_commit); ++ + return origin_with_debug_info; + } + +diff --git a/content/browser/renderer_host/render_frame_host_impl.h b/content/browser/renderer_host/render_frame_host_impl.h +index 6aff64db8cc09f95d658fe9e0bd54c0b4c6ff433..e1dda0c951f9ea6f28b6d43ab2b9d4481f5d7773 100644 +--- a/content/browser/renderer_host/render_frame_host_impl.h ++++ b/content/browser/renderer_host/render_frame_host_impl.h +@@ -2557,6 +2557,17 @@ class CONTENT_EXPORT RenderFrameHostImpl + HandleAXEvents(tree_id, std::move(updates_and_events), reset_token); + } + ++ // Returns whether the given origin and URL is allowed to commit in the ++ // current RenderFrameHost. The |url| is used to ensure it matches the origin ++ // in cases where it is applicable. This is a more conservative check than ++ // RenderProcessHost::FilterURL, since it will be used to kill processes that ++ // commit unauthorized origins. ++ CanCommitStatus CanCommitOriginAndUrl(const url::Origin& origin, ++ const GURL& url, ++ bool is_same_document_navigation, ++ bool is_pdf, ++ bool is_sandboxed); ++ + protected: + friend class RenderFrameHostFactory; + +@@ -2892,17 +2903,6 @@ class CONTENT_EXPORT RenderFrameHostImpl + // relevant. + void ResetWaitingState(); + +- // Returns whether the given origin and URL is allowed to commit in the +- // current RenderFrameHost. The |url| is used to ensure it matches the origin +- // in cases where it is applicable. This is a more conservative check than +- // RenderProcessHost::FilterURL, since it will be used to kill processes that +- // commit unauthorized origins. +- CanCommitStatus CanCommitOriginAndUrl(const url::Origin& origin, +- const GURL& url, +- bool is_same_document_navigation, +- bool is_pdf, +- bool is_sandboxed); +- + // Returns whether a subframe navigation request should be allowed to commit + // to the current RenderFrameHost. + bool CanSubframeCommitOriginAndUrl(NavigationRequest* navigation_request); diff --git a/spec-main/api-protocol-spec.ts b/spec-main/api-protocol-spec.ts index 980c289cb1e7f..7988724baf5b4 100644 --- a/spec-main/api-protocol-spec.ts +++ b/spec-main/api-protocol-spec.ts @@ -9,7 +9,7 @@ import * as fs from 'fs'; import * as qs from 'querystring'; import * as stream from 'stream'; import { EventEmitter } from 'events'; -import { closeWindow } from './window-helpers'; +import { closeAllWindows, closeWindow } from './window-helpers'; import { emittedOnce } from './events-helpers'; import { WebmGenerator } from './video-helpers'; import { delay } from './spec-helpers'; @@ -216,6 +216,8 @@ describe('protocol module', () => { const normalPath = path.join(fixturesPath, 'pages', 'a.html'); const normalContent = fs.readFileSync(normalPath); + afterEach(closeAllWindows); + it('sends file path as response', async () => { registerFileProtocol(protocolName, (request, callback) => callback(filePath)); const r = await ajax(protocolName + '://fake-host'); @@ -239,6 +241,25 @@ describe('protocol module', () => { expect(r.headers).to.have.property('x-great-header', 'sogreat'); }); + it('can load iframes with custom protocols', (done) => { + registerFileProtocol('custom', (request, callback) => { + const filename = request.url.substring(9); + const p = path.join(__dirname, 'fixtures', 'pages', filename); + callback({ path: p }); + }); + + const w = new BrowserWindow({ + show: false, + webPreferences: { + nodeIntegration: true, + contextIsolation: false + } + }); + + w.loadFile(path.join(__dirname, 'fixtures', 'pages', 'iframe-protocol.html')); + ipcMain.once('loaded-iframe-custom-protocol', () => done()); + }); + it.skip('throws an error when custom headers are invalid', (done) => { registerFileProtocol(protocolName, (request, callback) => { expect(() => callback({ diff --git a/spec-main/fixtures/pages/iframe-protocol.html b/spec-main/fixtures/pages/iframe-protocol.html new file mode 100644 index 0000000000000..a283115b19382 --- /dev/null +++ b/spec-main/fixtures/pages/iframe-protocol.html @@ -0,0 +1,11 @@ + + + + From 199ccfd84014377811cbeec685ba6d774e40878c Mon Sep 17 00:00:00 2001 From: "trop[bot]" <37223003+trop[bot]@users.noreply.github.com> Date: Wed, 21 Sep 2022 16:12:40 -0400 Subject: [PATCH 12/12] docs: fix wording mistake in security.md section 4 (#35743) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit docs: fix wording mistake in security.md section 4 (#35682) Update security.md Under "4. Process Sandboxing", it said "For mor information on what `contextIsolation` is..." which was the previous section (copied from there). This updates it to say "For more information on what Process Sandboxing is..." Co-authored-by: Sebastian Vittersø <37065184+sebastianvitterso@users.noreply.github.com> --- docs/tutorial/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tutorial/security.md b/docs/tutorial/security.md index 0d98921a95afe..2a26dae1e267a 100644 --- a/docs/tutorial/security.md +++ b/docs/tutorial/security.md @@ -256,7 +256,7 @@ the sandbox in all renderers. Loading, reading or processing any untrusted content in an unsandboxed process, including the main process, is not advised. :::info -For more information on what `contextIsolation` is and how to enable it please +For more information on what Process Sandboxing is and how to enable it please see our dedicated [Process Sandboxing](sandbox.md) document. :::info