From 7fee455138e8470756a677dcca1a830260ba8d97 Mon Sep 17 00:00:00 2001 From: Milan Burda Date: Sun, 3 Oct 2021 02:56:50 +0200 Subject: [PATCH 1/3] fix: sanitize params for 'context-menu' event sent over IPC for webview --- lib/browser/guest-view-manager.ts | 23 ++++++----------------- lib/common/web-view-events.ts | 17 +++++++++++++++-- 2 files changed, 21 insertions(+), 19 deletions(-) diff --git a/lib/browser/guest-view-manager.ts b/lib/browser/guest-view-manager.ts index 59e9c9f87a058..6912adda61748 100644 --- a/lib/browser/guest-view-manager.ts +++ b/lib/browser/guest-view-manager.ts @@ -21,13 +21,6 @@ const supportedWebViewEvents = Object.keys(webViewEvents); const guestInstances = new Map(); const embedderElementsMap = new Map(); -function sanitizeOptionsForGuest (options: Record) { - const ret = { ...options }; - // WebContents values can't be sent over IPC. - delete ret.webContents; - return ret; -} - function makeWebPreferences (embedder: Electron.WebContents, params: Record) { // parse the 'webpreferences' attribute string, if set // this uses the same parsing rules as window.open uses for its features @@ -138,7 +131,12 @@ const createGuest = function (embedder: Electron.WebContents, embedderFrameId: n const makeProps = (eventKey: string, args: any[]) => { const props: Record = {}; webViewEvents[eventKey].forEach((prop, index) => { - props[prop] = args[index]; + if (Array.isArray(prop)) { + const [name, sanitizer] = prop; + props[name] = sanitizer(args[index]); + } else { + props[prop as string] = args[index]; + } }); return props; }; @@ -150,15 +148,6 @@ const createGuest = function (embedder: Electron.WebContents, embedderFrameId: n }); } - guest.on('new-window', function (event, url, frameName, disposition, options) { - sendToEmbedder(IPC_MESSAGES.GUEST_VIEW_INTERNAL_DISPATCH_EVENT, 'new-window', { - url, - frameName, - disposition, - options: sanitizeOptionsForGuest(options) - }); - }); - // Dispatch guest's IPC messages to embedder. guest.on('ipc-message-host' as any, function (event: Electron.IpcMainEvent, channel: string, args: any[]) { sendToEmbedder(IPC_MESSAGES.GUEST_VIEW_INTERNAL_DISPATCH_EVENT, 'ipc-message', { diff --git a/lib/common/web-view-events.ts b/lib/common/web-view-events.ts index d571ecedde534..ffe97d4ebdb7c 100644 --- a/lib/common/web-view-events.ts +++ b/lib/common/web-view-events.ts @@ -1,4 +1,16 @@ -export const webViewEvents: Record = { +type Sanitizer = (obj: Record) => Record; + +function makeSanitizer (names: string[]): Sanitizer { + return (obj: Record) => { + const ret = { ...obj }; + for (const name of names) { + delete ret[name]; + } + return ret; + }; +} + +export const webViewEvents: Record = { 'load-commit': ['url', 'isMainFrame'], 'did-attach': [], 'did-finish-load': [], @@ -8,7 +20,8 @@ export const webViewEvents: Record = { 'did-stop-loading': [], 'dom-ready': [], 'console-message': ['level', 'message', 'line', 'sourceId'], - 'context-menu': ['params'], + 'context-menu': [['params', makeSanitizer(['frame'])]], + 'new-window': ['url', 'frameName', 'disposition', ['options', makeSanitizer(['webContents'])]], 'devtools-opened': [], 'devtools-closed': [], 'devtools-focused': [], From d95d4b2a934ab2cad174b2ccdf8ca729bc346148 Mon Sep 17 00:00:00 2001 From: Milan Burda Date: Mon, 4 Oct 2021 17:08:41 +0200 Subject: [PATCH 2/3] Revert "fix: sanitize params for 'context-menu' event sent over IPC for webview" This reverts commit 7fee455138e8470756a677dcca1a830260ba8d97. --- lib/browser/guest-view-manager.ts | 23 +++++++++++++++++------ lib/common/web-view-events.ts | 17 ++--------------- 2 files changed, 19 insertions(+), 21 deletions(-) diff --git a/lib/browser/guest-view-manager.ts b/lib/browser/guest-view-manager.ts index 6912adda61748..59e9c9f87a058 100644 --- a/lib/browser/guest-view-manager.ts +++ b/lib/browser/guest-view-manager.ts @@ -21,6 +21,13 @@ const supportedWebViewEvents = Object.keys(webViewEvents); const guestInstances = new Map(); const embedderElementsMap = new Map(); +function sanitizeOptionsForGuest (options: Record) { + const ret = { ...options }; + // WebContents values can't be sent over IPC. + delete ret.webContents; + return ret; +} + function makeWebPreferences (embedder: Electron.WebContents, params: Record) { // parse the 'webpreferences' attribute string, if set // this uses the same parsing rules as window.open uses for its features @@ -131,12 +138,7 @@ const createGuest = function (embedder: Electron.WebContents, embedderFrameId: n const makeProps = (eventKey: string, args: any[]) => { const props: Record = {}; webViewEvents[eventKey].forEach((prop, index) => { - if (Array.isArray(prop)) { - const [name, sanitizer] = prop; - props[name] = sanitizer(args[index]); - } else { - props[prop as string] = args[index]; - } + props[prop] = args[index]; }); return props; }; @@ -148,6 +150,15 @@ const createGuest = function (embedder: Electron.WebContents, embedderFrameId: n }); } + guest.on('new-window', function (event, url, frameName, disposition, options) { + sendToEmbedder(IPC_MESSAGES.GUEST_VIEW_INTERNAL_DISPATCH_EVENT, 'new-window', { + url, + frameName, + disposition, + options: sanitizeOptionsForGuest(options) + }); + }); + // Dispatch guest's IPC messages to embedder. guest.on('ipc-message-host' as any, function (event: Electron.IpcMainEvent, channel: string, args: any[]) { sendToEmbedder(IPC_MESSAGES.GUEST_VIEW_INTERNAL_DISPATCH_EVENT, 'ipc-message', { diff --git a/lib/common/web-view-events.ts b/lib/common/web-view-events.ts index ffe97d4ebdb7c..d571ecedde534 100644 --- a/lib/common/web-view-events.ts +++ b/lib/common/web-view-events.ts @@ -1,16 +1,4 @@ -type Sanitizer = (obj: Record) => Record; - -function makeSanitizer (names: string[]): Sanitizer { - return (obj: Record) => { - const ret = { ...obj }; - for (const name of names) { - delete ret[name]; - } - return ret; - }; -} - -export const webViewEvents: Record = { +export const webViewEvents: Record = { 'load-commit': ['url', 'isMainFrame'], 'did-attach': [], 'did-finish-load': [], @@ -20,8 +8,7 @@ export const webViewEvents: Record Date: Mon, 4 Oct 2021 17:09:14 +0200 Subject: [PATCH 3/3] fix: make frame property non-enumerable in params for 'context-menu' event --- shell/common/gin_converters/content_converter.cc | 2 +- shell/common/gin_helper/dictionary.h | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/shell/common/gin_converters/content_converter.cc b/shell/common/gin_converters/content_converter.cc index 4d6b250cfa166..a025702eb5b9b 100644 --- a/shell/common/gin_converters/content_converter.cc +++ b/shell/common/gin_converters/content_converter.cc @@ -80,7 +80,7 @@ v8::Local Converter::ToV8( const auto& params = val.first; content::RenderFrameHost* render_frame_host = val.second; gin_helper::Dictionary dict = gin::Dictionary::CreateEmpty(isolate); - dict.SetGetter("frame", render_frame_host); + dict.SetGetter("frame", render_frame_host, v8::DontEnum); dict.Set("x", params.x); dict.Set("y", params.y); dict.Set("linkURL", params.link_url); diff --git a/shell/common/gin_helper/dictionary.h b/shell/common/gin_helper/dictionary.h index 5e55c418f2582..7c6368ad39781 100644 --- a/shell/common/gin_helper/dictionary.h +++ b/shell/common/gin_helper/dictionary.h @@ -111,7 +111,9 @@ class Dictionary : public gin::Dictionary { } template - bool SetGetter(const K& key, const V& val) { + bool SetGetter(const K& key, + const V& val, + v8::PropertyAttribute attribute = v8::None) { AccessorValue acc_value; acc_value.Value = val; @@ -136,7 +138,7 @@ class Dictionary : public gin::Dictionary { if (gin::TryConvertToV8(info.GetIsolate(), val, &v8_value)) info.GetReturnValue().Set(v8_value); }, - NULL, v8_value_accessor) + nullptr, v8_value_accessor, v8::DEFAULT, attribute) .ToChecked(); }