github/electron
1
1
Fork 0
mirror of https://github.com/electron/electron.git synced 2026-04-10 03:01:51 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix: disallow loading extensions in temp sessions (#22090) (#22571)

Browse Source 
Co-authored-by: Jeremy Apthorp <jeremya@chromium.org>
Co-authored-by: John Kleinschmidt <jkleinsc@github.com>
This commit is contained in:
Samuel Maddock
2020-03-09 14:33:23 -04:00
committed by GitHub
parent 0f08c6c874
commit 60f16eaf95
2 changed files with 17 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
shell/browser/api/electron_api_session.cc
View File

@@ -676,6 +676,11 @@ v8::Local<v8::Promise> Session::LoadExtension(
const base::FilePath& extension_path) {
gin_helper::Promise<const extensions::Extension*> promise(isolate());
v8::Local<v8::Promise> handle = promise.GetHandle();
if (browser_context()->IsOffTheRecord()) {
promise.RejectWithErrorMessage(
"Extensions cannot be loaded in a temporary session");
return handle;
}
auto* extension_system = static_cast<extensions::ElectronExtensionSystem*>(
extensions::ExtensionSystem::Get(browser_context()));

20
spec-main/extensions-spec.ts
View File

@@ -24,8 +24,13 @@ ifdescribe(process.electronBinding('features').isExtensionsEnabled())('chrome ex
after(() => {
server.close()
})
afterEach(closeAllWindows)
afterEach(() => {
session.defaultSession.getAllExtensions().forEach((e: any) => {
session.defaultSession.removeExtension(e.id)
})
})
it('loads an extension', async () => {
// NB. we have to use a persist: session (i.e. non-OTR) because the
// extension registry is redirected to the main session. so installing an
@@ -73,13 +78,18 @@ ifdescribe(process.electronBinding('features').isExtensionsEnabled())('chrome ex
it('confines an extension to the session it was loaded in', async () => {
const customSession = session.fromPartition(`persist:${require('uuid').v4()}`)
customSession.loadExtension(path.join(fixtures, 'extensions', 'red-bg'))
await customSession.loadExtension(path.join(fixtures, 'extensions', 'red-bg'))
const w = new BrowserWindow({ show: false }) // not in the session
await w.loadURL(url)
const bg = await w.webContents.executeJavaScript('document.documentElement.style.backgroundColor')
expect(bg).to.equal('')
})
it('loading an extension in a temporary session throws an error', async () => {
const customSession = session.fromPartition(require('uuid').v4())
await expect(customSession.loadExtension(path.join(fixtures, 'extensions', 'red-bg'))).to.eventually.be.rejectedWith('Extensions cannot be loaded in a temporary session')
})
describe('chrome.i18n', () => {
let w: BrowserWindow
let extension: Extension
@@ -281,12 +291,6 @@ ifdescribe(process.electronBinding('features').isExtensionsEnabled())('chrome ex
})
describe('deprecation shims', () => {
afterEach(() => {
session.defaultSession.getAllExtensions().forEach((e: any) => {
session.defaultSession.removeExtension(e.id)
})
})
it('loads an extension through BrowserWindow.addExtension', async () => {
BrowserWindow.addExtension(path.join(fixtures, 'extensions', 'red-bg'))
const w = new BrowserWindow({ show: false })