github/electron
1
1
Fork 0
mirror of https://github.com/electron/electron.git synced 2026-04-10 03:01:51 -04:00
Code Issues Packages Projects Releases Wiki Activity

refactor: port window.open and window.opener to use ctx bridge instead of hole punching (#23235)

Browse Source 
* refactor: port window.open and window.opener to use ctx bridge instead of hole punching

* refactor: only run the isolated init bundle when webview is enabled
This commit is contained in:
Samuel Attard
2020-04-27 12:46:04 -07:00
committed by GitHub
parent c68589f212
commit abe5cf398c
11 changed files with 178 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/browser/api/web-contents.js
View File

@@ -548,6 +548,11 @@ WebContents.prototype._init = function () {
internalWindowOpen(event, url, referrer, frameName, disposition, mergedOptions, additionalFeatures, postData);
});
const prefs = this.getWebPreferences() || {};
if (prefs.webviewTag && prefs.contextIsolation) {
electron.deprecate.log('Security Warning: A WebContents was just created with both webviewTag and contextIsolation enabled. This combination is fundamentally less secure and effectively bypasses the protections of contextIsolation. We strongly recommend you move away from webviews to OOPIF or BrowserView in order for your app to be more secure');
}
}
this.on('login', (event, ...args) => {