From 41dea03007031fc7b035e9cc3125378c28454f2e Mon Sep 17 00:00:00 2001 From: Kevin Sawicki Date: Fri, 25 Nov 2016 09:43:35 -0800 Subject: [PATCH 1/4] window.opener location should be webview src URL --- spec/chromium-spec.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/chromium-spec.js b/spec/chromium-spec.js index 7d58bee374..e0bdd1861d 100644 --- a/spec/chromium-spec.js +++ b/spec/chromium-spec.js @@ -401,7 +401,7 @@ describe('chromium feature', function () { webview = new WebView() webview.addEventListener('console-message', function (e) { webview.remove() - assert.equal(e.message, location.href) + assert.equal(e.message, webview.src) done() }) webview.setAttribute('allowpopups', 'on') From 145e40c2f6537f4ca72383937288bac99b828d72 Mon Sep 17 00:00:00 2001 From: Kevin Sawicki Date: Fri, 25 Nov 2016 09:47:28 -0800 Subject: [PATCH 2/4] Add more origin comparison specs --- spec/chromium-spec.js | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/spec/chromium-spec.js b/spec/chromium-spec.js index e0bdd1861d..1a39edd296 100644 --- a/spec/chromium-spec.js +++ b/spec/chromium-spec.js @@ -345,6 +345,15 @@ describe('chromium feature', function () { w = window.open(url, '', 'show=no') }) + it('works when origin matches', function (done) { + listener = function (event) { + assert.equal(event.data, location.href) + done() + } + window.addEventListener('message', listener) + w = window.open(`file://${fixtures}/pages/window-opener-location.html`, '', 'show=no') + }) + it('works when origin does not match opener but has node integration', function (done) { listener = function (event) { assert.equal(event.data, location.href) 
@@ -397,6 +406,24 @@ describe('chromium feature', function () { document.body.appendChild(webview) }) + it('works when origin matches', function (done) { + webview = new WebView() + webview.addEventListener('console-message', function (e) { + assert.equal(e.message, webview.src) + done() + }) + webview.setAttribute('allowpopups', 'on') + webview.src = url.format({ + pathname: srcPath, + protocol: 'file', + query: { + p: pageURL + }, + slashes: true + }) + document.body.appendChild(webview) + }) + it('works when origin does not match opener but has node integration', function (done) { webview = new WebView() webview.addEventListener('console-message', function (e) { From 3a29555772045a36973db6228abfa6b483417d09 Mon Sep 17 00:00:00 2001 From: Kevin Sawicki Date: Fri, 25 Nov 2016 10:03:47 -0800 Subject: [PATCH 3/4] Access URL through webContents directly --- lib/browser/guest-window-manager.js | 15 +++++++++++++++ lib/renderer/override.js | 12 ++++++------ 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/lib/browser/guest-window-manager.js b/lib/browser/guest-window-manager.js index 3d920ab54e..aee98fc41f 100644 --- a/lib/browser/guest-window-manager.js +++ b/lib/browser/guest-window-manager.js @@ -240,3 +240,18 @@ ipcMain.on('ELECTRON_GUEST_WINDOW_MANAGER_WEB_CONTENTS_METHOD', function (event, console.error(`Blocked ${event.sender.getURL()} from calling ${method} on its opener.`) } }) + +ipcMain.on('ELECTRON_GUEST_WINDOW_MANAGER_WEB_CONTENTS_METHOD_SYNC', function (event, guestId, method, ...args) { + const guestContents = webContents.fromId(guestId) + if (guestContents == null) { + event.returnValue = null + return + } + + if (canAccessWindow(event.sender, guestContents)) { + event.returnValue = guestContents[method].apply(guestContents, args) + } else { + console.error(`Blocked ${event.sender.getURL()} from calling ${method} on its opener.`) + event.returnValue = null + } +}) 
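Review bot: The added webview spec 'works when origin matches' never calls `webview.remove()` in its `console-message` handler, whereas the neighbouring spec touched by the first patch of this series does so before asserting. If cleanup is not handled by an `afterEach` outside this hunk, the element stays attached to `document.body` after the spec finishes; adding `webview.remove()` as the first line of the handler would match the existing spec. The enclosing `describe` block starts and ends outside the hunk.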
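Review bot: The new `ELECTRON_GUEST_WINDOW_MANAGER_WEB_CONTENTS_METHOD_SYNC` handler in lib/browser/guest-window-manager.js takes `method` straight from the renderer and calls `guestContents[method].apply(guestContents, args)`, so once `canAccessWindow` passes, any property name on the guest webContents is reachable and its return value is handed back to the caller. The renderer side in this series only uses `getURL` and `loadURL`, so an allowlist ahead of the access check would keep the synchronous channel to that surface, e.g. `const syncMethods = new Set(['getURL', 'loadURL'])` and `if (!syncMethods.has(method)) { event.returnValue = null; return }`. A name that is not a function would also throw at `.apply` before `event.returnValue` is assigned, which presumably leaves the `sendSync` caller without a defined result. `canAccessWindow` is defined outside this hunk, so what it permits cannot be checked from here.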
diff --git a/lib/renderer/override.js b/lib/renderer/override.js index 6b5e0e1615..3ed4d3666e 100644 --- a/lib/renderer/override.js +++ b/lib/renderer/override.js @@ -41,28 +41,28 @@ var BrowserWindowProxy = (function () { } BrowserWindowProxy.prototype.close = function () { - return ipcRenderer.send('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_CLOSE', this.guestId) + ipcRenderer.send('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_CLOSE', this.guestId) } BrowserWindowProxy.prototype.focus = function () { - return ipcRenderer.send('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_METHOD', this.guestId, 'focus') + ipcRenderer.send('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_METHOD', this.guestId, 'focus') } BrowserWindowProxy.prototype.blur = function () { - return ipcRenderer.send('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_METHOD', this.guestId, 'blur') + ipcRenderer.send('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_METHOD', this.guestId, 'blur') } BrowserWindowProxy.prototype.print = function () { - return ipcRenderer.send('ELECTRON_GUEST_WINDOW_MANAGER_WEB_CONTENTS_METHOD', this.guestId, 'print') + ipcRenderer.send('ELECTRON_GUEST_WINDOW_MANAGER_WEB_CONTENTS_METHOD', this.guestId, 'print') } Object.defineProperty(BrowserWindowProxy.prototype, 'location', { get: function () { - return ipcRenderer.sendSync('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_METHOD', this.guestId, 'getURL') + return ipcRenderer.sendSync('ELECTRON_GUEST_WINDOW_MANAGER_WEB_CONTENTS_METHOD_SYNC', this.guestId, 'getURL') }, set: function (url) { url = resolveURL(url) - return ipcRenderer.sendSync('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_METHOD', this.guestId, 'loadURL', url) + return ipcRenderer.sendSync('ELECTRON_GUEST_WINDOW_MANAGER_WEB_CONTENTS_METHOD_SYNC', this.guestId, 'loadURL', url) } }) From 6f6c5c07f01c6845c3585bffe3e44ca452f4f9d7 Mon Sep 17 00:00:00 2001 
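Review bot: The `location` setter in lib/renderer/override.js still ends in `return ipcRenderer.sendSync(...)`, and a setter's return value is discarded; the following patch, titled "Remove unintended returns", leaves this one in place. Dropping the `return` would match the rest of the series: `ipcRenderer.sendSync('ELECTRON_GUEST_WINDOW_MANAGER_WEB_CONTENTS_METHOD_SYNC', this.guestId, 'loadURL', url)`. Because the browser-side handler added in this patch answers `null` both when the guest is gone and when access is blocked, a comment on the getter such as `// null when the guest no longer exists or access is denied` would tell callers what to expect. The enclosing `BrowserWindowProxy` function starts and ends outside the hunk.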
From: Kevin Sawicki Date: Fri, 25 Nov 2016 10:05:12 -0800 Subject: [PATCH 4/4] Remove unintended returns --- lib/renderer/override.js | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/renderer/override.js b/lib/renderer/override.js index 3ed4d3666e..69ef3a5e6f 100644 --- a/lib/renderer/override.js +++ b/lib/renderer/override.js @@ -22,7 +22,7 @@ var BrowserWindowProxy = (function () { } BrowserWindowProxy.remove = function (guestId) { - return delete this.proxies[guestId] + delete this.proxies[guestId] } function BrowserWindowProxy (guestId1) { @@ -70,11 +70,11 @@ var BrowserWindowProxy = (function () { if (targetOrigin == null) { targetOrigin = '*' } - return ipcRenderer.send('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_POSTMESSAGE', this.guestId, message, targetOrigin, window.location.origin) + ipcRenderer.send('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_POSTMESSAGE', this.guestId, message, targetOrigin, window.location.origin) } BrowserWindowProxy.prototype['eval'] = function (...args) { - return ipcRenderer.send.apply(ipcRenderer, ['ELECTRON_GUEST_WINDOW_MANAGER_WEB_CONTENTS_METHOD', this.guestId, 'executeJavaScript'].concat(args)) + ipcRenderer.send.apply(ipcRenderer, ['ELECTRON_GUEST_WINDOW_MANAGER_WEB_CONTENTS_METHOD', this.guestId, 'executeJavaScript'].concat(args)) } return BrowserWindowProxy @@ -207,7 +207,7 @@ ipcRenderer.on('ELECTRON_GUEST_WINDOW_POSTMESSAGE', function (event, sourceId, m // Forward history operations to browser. var sendHistoryOperation = function (...args) { - return ipcRenderer.send.apply(ipcRenderer, ['ELECTRON_NAVIGATION_CONTROLLER'].concat(args)) + ipcRenderer.send.apply(ipcRenderer, ['ELECTRON_NAVIGATION_CONTROLLER'].concat(args)) } var getHistoryOperation = function (...args) { 
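Review bot: `BrowserWindowProxy.prototype['eval']` and `sendHistoryOperation` (the hunk at -207) still build their argument list with `ipcRenderer.send.apply(ipcRenderer, [...].concat(args))`, although both already take rest parameters. Spread reads more directly: `ipcRenderer.send('ELECTRON_GUEST_WINDOW_MANAGER_WEB_CONTENTS_METHOD', this.guestId, 'executeJavaScript', ...args)` and `ipcRenderer.send('ELECTRON_NAVIGATION_CONTROLLER', ...args)`. Removing the `return` from `BrowserWindowProxy.remove` also changes its result from the boolean produced by `delete` to `undefined`, so it is worth confirming that no caller reads it; the callers are not visible in these hunks.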
@@ -215,15 +215,15 @@ var getHistoryOperation = function (...args) { } window.history.back = function () { - return sendHistoryOperation('goBack') + sendHistoryOperation('goBack') } window.history.forward = function () { - return sendHistoryOperation('goForward') + sendHistoryOperation('goForward') } window.history.go = function (offset) { - return sendHistoryOperation('goToOffset', offset) + sendHistoryOperation('goToOffset', offset) } Object.defineProperty(window.history, 'length', {