fix: enable webview in sandbox renderer (#13435) (#13555)

* Enable webview in sandbox renderer (#13435) * Enable webview in sandbox renderer Security: Inherit embedder prefs onto webview * cache lastwebprefs * fix expect UT issue * Fix test
2026-04-10 03:01:51 -04:00 · 2018-11-27 00:16:11 -08:00
parent 8ed07298cc
commit 9313af3f3b
4 changed files with 53 additions and 0 deletions
--- a/atom/renderer/atom_sandboxed_renderer_client.cc
+++ b/atom/renderer/atom_sandboxed_renderer_client.cc
@@ -92,6 +92,12 @@ void InitializeBindings(v8::Local<v8::Object> binding,
  b.SetMethod("getArgv", GetArgv);
  b.SetMethod("getProcessMemoryInfo", &AtomBindings::GetProcessMemoryInfo);
  b.SetMethod("getSystemMemoryInfo", &AtomBindings::GetSystemMemoryInfo);
+
+  // Pass in CLI flags needed to setup the renderer
+  base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
+  if (command_line->HasSwitch(switches::kGuestInstanceID))
+    b.Set(options::kGuestInstanceID,
+        command_line->GetSwitchValueASCII(switches::kGuestInstanceID));
 }

 class AtomSandboxedRenderFrameObserver : public AtomRenderFrameObserver {
--- a/lib/browser/guest-view-manager.js
+++ b/lib/browser/guest-view-manager.js
@@ -240,6 +240,23 @@ const attachGuest = function (event, elementInstanceId, guestInstanceId, params)
    webPreferences.disablePopups = true
  }

+  // Security options that guest will always inherit from embedder
+  const inheritedWebPreferences = new Map([
+    ['contextIsolation', true],
+    ['javascript', false],
+    ['nativeWindowOpen', true],
+    ['nodeIntegration', false],
+    ['sandbox', true]
+  ])
+
+  // Inherit certain option values from embedder
+  const lastWebPreferences = embedder.getLastWebPreferences()
+  for (const [name, value] of inheritedWebPreferences) {
+    if (lastWebPreferences[name] === value) {
+      webPreferences[name] = value
+    }
+  }
+
  embedder.emit('will-attach-webview', event, webPreferences, params)
  if (event.defaultPrevented) {
    if (guest.viewInstanceId == null) guest.viewInstanceId = params.instanceId
--- a/lib/sandboxed_renderer/init.js
+++ b/lib/sandboxed_renderer/init.js
@@ -59,6 +59,16 @@ if (window.location.protocol === 'chrome-devtools:') {
  require('../renderer/inspector')
 }

+if (binding.guestInstanceId) {
+  process.guestInstanceId = parseInt(binding.guestInstanceId)
+}
+
+if (!process.guestInstanceId && preloadProcess.argv.indexOf('--webview-tag=true') !== -1) {
+  // don't allow recursive `<webview>`
+  require('../renderer/web-view/web-view')
+  require('../renderer/web-view/web-view-attributes')
+}
+
 // Wrap the script into a function executed in global scope. It won't have
 // access to the current scope, so we'll expose a few objects as arguments:
 //
--- a/spec/api-browser-window-spec.js
+++ b/spec/api-browser-window-spec.js
@@ -1573,6 +1573,26 @@ describe('BrowserWindow module', () => {
          done()
        })
      })
+
+      it('supports webview in sandbox renderer', (done) => {
+        w.destroy()
+        w = new BrowserWindow({
+          show: false,
+          webPreferences: {
+            sandbox: true,
+            preload: preload,
+            webviewTag: true
+          }
+        })
+        w.loadURL(`file://${fixtures}/pages/webview-did-attach-event.html`)
+
+        w.webContents.once('did-attach-webview', (event, webContents) => {
+          ipcMain.once('webview-dom-ready', (event, id) => {
+            assert.equal(webContents.id, id)
+            done()
+          })
+        })
+      })
    })

    describe('nativeWindowOpen option', () => {