github/electron
1
1
Fork 0
mirror of https://github.com/electron/electron.git synced 2026-04-10 03:01:51 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix: better window hierarchy checks

Browse Source
This commit is contained in:
Samuel Attard
2020-01-18 16:13:30 -08:00
parent 26ee9476de
commit bdd19d9b28
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/browser/guest-window-manager.js
View File

@@ -1,6 +1,7 @@
'use strict'
const electron = require('electron')
const nodeUrl = require('url')
const { BrowserWindow } = electron
const { isSameOrigin } = process.electronBinding('v8_util')
const { ipcMainInternal } = require('@electron/internal/browser/ipc-main-internal')
@@ -177,9 +178,8 @@ const isNodeIntegrationEnabled = function (sender) {
// Checks whether |sender| can access the |target|:
const canAccessWindow = function (sender, target) {
return isChildWindow(sender, target) ||
isScriptableWindow(sender, target) ||
isNodeIntegrationEnabled(sender)
return isScriptableWindow(sender, target) ||
(isChildWindow(sender, target) && isNodeIntegrationEnabled(sender))
}
// Routed window.open messages with raw options
@@ -187,6 +187,12 @@ ipcMainInternal.on('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_OPEN', (event, url, fra
if (url == null || url === '') url = 'about:blank'
if (frameName == null) frameName = ''
if (features == null) features = ''
const parsedSourceURL = nodeUrl.parse(event.sender.getURL())
const parsedTargetURL = nodeUrl.parse(url)
if (parsedTargetURL.protocol === 'file:' && parsedSourceURL.protocol !== 'file:') {
event.returnValue = null
return
}
const options = {}