fix: ensure ElectronBrowser mojo service is only bound to appropriate render frames (#33344)

* fix: ensure ElectronBrowser mojo service is only bound to authorized render frames Notes: no-notes * refactor: extract electron API IPC to its own mojo interface * fix: just check main frame not primary main frame Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com> Co-authored-by: Samuel Attard <sattard@salesforce.com>
2026-04-10 03:01:51 -04:00 · 2022-03-21 13:41:15 -07:00
parent a327684118
commit e9fa834757
17 changed files with 381 additions and 229 deletions
--- a/shell/common/api/api.mojom
+++ b/shell/common/api/api.mojom
@@ -31,7 +31,21 @@ struct DraggableRegion {
  gfx.mojom.Rect bounds;
 };

-interface ElectronBrowser {
+interface ElectronWebContentsUtility {
+  // Informs underlying WebContents that first non-empty layout was performed
+  // by compositor.
+  OnFirstNonEmptyLayout();
+
+  UpdateDraggableRegions(
+    array<DraggableRegion> regions);
+
+  SetTemporaryZoomLevel(double zoom_level);
+
+  [Sync]
+  DoGetZoomLevel() => (double result);
+};
+
+interface ElectronApiIPC {
  // Emits an event on |channel| from the ipcMain JavaScript object in the main
  // process.
  Message(
@@ -46,10 +60,6 @@ interface ElectronBrowser {
      string channel,
      blink.mojom.CloneableMessage arguments) => (blink.mojom.CloneableMessage result);

-  // Informs underlying WebContents that first non-empty layout was performed
-  // by compositor.
-  OnFirstNonEmptyLayout();
-
  ReceivePostMessage(string channel, blink.mojom.TransferableMessage message);

  // Emits an event on |channel| from the ipcMain JavaScript object in the main
@@ -70,12 +80,4 @@ interface ElectronBrowser {
  MessageHost(
    string channel,
    blink.mojom.CloneableMessage arguments);
-
-  UpdateDraggableRegions(
-    array<DraggableRegion> regions);
-
-  SetTemporaryZoomLevel(double zoom_level);
-
-  [Sync]
-  DoGetZoomLevel() => (double result);
 };
--- a/shell/common/gin_helper/event_emitter.cc
+++ b/shell/common/gin_helper/event_emitter.cc
@@ -54,7 +54,7 @@ v8::Local<v8::Object> CreateNativeEvent(
    v8::Isolate* isolate,
    v8::Local<v8::Object> sender,
    content::RenderFrameHost* frame,
-    electron::mojom::ElectronBrowser::MessageSyncCallback callback) {
+    electron::mojom::ElectronApiIPC::MessageSyncCallback callback) {
  v8::Local<v8::Object> event;
  if (frame && callback) {
    gin::Handle<Event> native_event = Event::Create(isolate);
--- a/shell/common/gin_helper/event_emitter.h
+++ b/shell/common/gin_helper/event_emitter.h
@@ -29,7 +29,7 @@ v8::Local<v8::Object> CreateNativeEvent(
    v8::Isolate* isolate,
    v8::Local<v8::Object> sender,
    content::RenderFrameHost* frame,
-    electron::mojom::ElectronBrowser::MessageSyncCallback callback);
+    electron::mojom::ElectronApiIPC::MessageSyncCallback callback);

 }  // namespace internal