* test: fix flaky mac dock & autofill tests
* fix: add null checks for the parent widget before calling IsVisible()
* test: remove autofill test change (failing on Linux), keep crash fix
* chore: autofill updates from code review
* docs: document that getCursorScreenPoint() needs a Window on Wayland
* feat: add IsWayland() helper
* fix: Wayland crash in GetCursorScreenPoint()
fix: support Screen::GetCursorScreenPoint() on X11
* refactor: replace deprecated NSUserNotifications with User Notifications
Removes deprecated NSUserNotification API, now using User Notifications
It replaces API calls for generating, scheduling, and receiving native
macOS notifications with equivalent API calls from the new framework,
or functionally equivalent implementations.
To preserve the existing Notification module API, special handling was
required in certain cases:
- Dynamically declared notification actions
Typically, notification actions should be declared at app launch time
when using the User Notifications framework. However, this isn’t
compatible with Electron’s architecture. Instead, we dynamically
declare new notifications actions when necessary and carefully manage
the existing actions registered at runtime.
- Localizations for ‘Reply’ and ‘Show’ labels
New translation files are added and processed through GRIT to add
localizations for “Reply” and “Show” button labels which were
initially supplied by the NSUserNotification framework.
* Use NotificationImageRetainer pattern from //chrome
* build: fix lint
* build: update config to handle --translate-gender for pak files
* test: also sign on arm64
* fix: add error handling for scheduling notification
* docs: add details to breaking changes
* docs: clarify breaking change details
* docs: add details for notifications tutorial and API documentation
---------
Co-authored-by: Keeley Hammond <khammond@slack-corp.com>
PowerMonitor registered OS-level callbacks (HWND UserData and
WTS/suspend notifications on Windows, shutdown handler and lock-screen
observer on macOS) but never cleaned them up in its destructor. The JS
layer also only held the native object in a closure-local variable,
allowing GC to reclaim it while those registrations still referenced
freed memory.
Retain the native PowerMonitor at module level in power-monitor.ts so
it cannot be garbage-collected. Add DestroyPlatformSpecificMonitors()
to properly tear down OS registrations on destruction: on Windows,
unregister WTS and suspend notifications, clear GWLP_USERDATA, and
destroy the HWND; on macOS, remove the emitter from the global
MacLockMonitor and reset the Browser shutdown handler.
Previously, GetProtocolLaunchPath and FormatCommandLineString in
browser_win.cc used naive quoting which could break when paths or
arguments contained backslashes, spaces, or embedded quotes.
Fix by extracting the CommandLineToArgvW-compatible quoting logic from
relauncher_win.cc into a shared utility and use it in both browser_win.cc
and relauncher_win.cc to properly quote the exe path and each argument
individually.
Previously, when trashItemAtURL: failed (e.g. on network shares or
under app translocation), the code fell back to constructing an
AppleScript that interpolated the bundle path directly into a string
literal via %@ with no escaping. This was fragile and unnecessary —
trashItemAtURL: has been the standard API since 10.8 and covers the
relevant cases. The fix simply removes the AppleScript fallback
entirely, so Trash() now returns the result of trashItemAtURL: directly.
* fix: validate USB device selection against filtered device list
Previously, UsbChooserController::OnDeviceChosen looked up the chosen
device_id via chooser_context_->GetDeviceInfo(), which searches all
known USB devices on the system rather than the filtered list shown to
the select-usb-device handler. This meant a device excluded by the
renderer's filters or exclusion_filters could still be granted
permission if the handler returned its GUID.
* bump for CI
---------
Co-authored-by: John Kleinschmidt <kleinschmidtorama@gmail.com>
EnterFullscreenModeForTab, RequestPointerLock, and RequestKeyboardLock
bind callbacks with base::Unretained(this); fullscreen also captures a
raw RenderFrameHost*. These callbacks may be invoked by the app's JS
permission handler after the WebContents or RenderFrameHost is destroyed.
Use GetWeakPtr() in all three call sites, and capture a
GlobalRenderFrameHostToken instead of the raw RenderFrameHost* for
fullscreen so the pointer is resolved and null-checked only when the
callback fires. Cancel in-flight permission requests from ~WebContents()
via a new ElectronPermissionManager::CancelPendingRequests()` so stale
callbacks are never handed back to JS.
* feat: add macOS-only api to determine if app is currently active
You can `focus()` the app and get events for `did-become-active`, but there's currently not a way to directly check if your app is the active (foreground) application.
* test: add unit test for app.isActive api
* fix: ensure we hide app after showing in test
If the app is still active, it may affect other tests like dock.bounce
that behave differently depending on whether the app is active
* docs: simplify isActive api description
* feat: show toast dismissal reason on Windows
* Update docs/api/notification.md
Co-authored-by: David Sanders <dsanders11@ucsbalum.com>
---------
Co-authored-by: David Sanders <dsanders11@ucsbalum.com>
fix: bind offscreen paint callback to child WebContents
Previously, MaybeOverrideCreateParamsForNewWindow bound the
OffScreenWebContentsView's paint callback to the parent WebContents
using base::Unretained(this). This was both unsafe (dangling pointer
risk if the parent is destroyed before the child) and semantically
incorrect — paint events belong to the child window, not the opener.
Replace the callback in MaybeOverrideCreateParamsForNewWindow with
base::DoNothing(), then rebind it to the child WebContents in
AddNewContents via a new SetCallback method on OffScreenWebContentsView.
Enter the destination context scope before creating the VideoFrame V8
wrapper, matching the sibling Element and Blob branches. Without this,
ScriptState::ForCurrentRealm resolved to the calling context instead of
the target context, producing an incorrect wrapper.
Also switch to ScriptState::From with an explicit context argument to
make the intent clearer.
Adds spec coverage for VideoFrame crossing the bridge in both
directions and adds VideoFrame to the existing prototype checks.
The setter branch was deriving source_context from getter-> instead of
setter->. Currently latent since the only call site passes both from
the same preload context, but this would crash or mis-resolve if a
future call site passed a setter without a getter or from a different
context.
* test: add failing test for `setFullscreen(false)`
`setFullscreen(false)` should do nothing
when not already in fullscreen, but it hides the menu bar
on Linux.
* fix: menu bar hiding on two setFullScreen(false)
This fixes the following bug on Linux (and maybe macOS):
1. Create a window with a menu bar.
2. Call `win.setFullScreen(false)`.
The menu bar will hide.
See the original bug in our project:
https://github.com/deltachat/deltachat-desktop/issues/4752.
* fix window sizing on linux when constraints are applied
* added tests
* apply window style directly when changing resizability
* Revert "apply window style directly when changing resizability"
This reverts commit 949e2ee2ab.
* set size constraints for resizability on window and linux
* chore: bump chromium in DEPS to 147.0.7702.0
* chore: update patches (trivial only)
Co-Authored-By: Claude (claude-3-5-sonnet, Anthropic)
* chore: bump chromium in DEPS to 147.0.7703.0
* 7582039: [Extensions] Use dependency injection for ManifestHandlerRegistry
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7582039
Co-Authored-By: Claude (claude-3-5-sonnet, Anthropic)
* 7582477: spanification: migrate base::ReadUnicodeCharacter usage to string_view
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7582477
Co-Authored-By: Claude (claude-3-5-sonnet, Anthropic)
* chore: update patches (trivial only)
Co-Authored-By: Claude (claude-3-5-sonnet, Anthropic)
* 7590029: Remove 5 unused deprecated sync methods in ui::Clipboard
Migrate clipboard API calls from synchronous methods to async callback-based
methods with RunLoop pattern.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7590029
* 7599553: [rust png] Chromium: Update `png` to version `0.18.1`.
https://chromium-review.googlesource.com/c/chromium/src/+/7599553
Chromium updated their to Rust PNG implementation which produces
different (but valid) PNG output. Update tests to compare raw bitmap
data instead of encoded PNG data URLs.
* test: fixup clipboard tests to properly handle urls
Needed after migrating clipboard API calls from synchronous methods to async callback-based methods with RunLoop pattern.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7590029
* fixup "7599553: [rust png] Chromium: Update `png` to version `0.18.1`."
https://chromium-review.googlesource.com/c/chromium/src/+/7599553
Chromium updated their Rust PNG implementation which produces
different (but valid) PNG data URLs.
---------
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: John Kleinschmidt <kleinschmidtorama@gmail.com>
* chore: bump chromium in DEPS to 147.0.7693.0
* chore: bump chromium in DEPS to 147.0.7694.0
* chore: bump chromium in DEPS to 147.0.7695.0
* chore: bump chromium in DEPS to 147.0.7697.0
* chore: bump chromium in DEPS to 147.0.7698.0
* fix(patch): IsGuest moved to SecurityPrincipal
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7234613
Co-Authored-By: Claude (claude-opus-4-6)
* chore: update patches (trivial only)
* fix(patch): v8::External API now requires ExternalPointerTypeTag
Ref: https://chromium-review.googlesource.com/c/v8/v8/+/7562476
Co-Authored-By: Claude (claude-opus-4-6)
* fix: update CreateCustomWebContents signature
Upstream added disposition and window_features parameters.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7585256
Co-Authored-By: Claude (claude-opus-4-6)
* fix: OriginatingProcess renamed to OriginatingProcessId
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7557820
Co-Authored-By: Claude (claude-opus-4-6)
* fix: kLogNetLog moved from network::switches to net::switches
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7559090
Co-Authored-By: Claude (claude-opus-4-6)
* fix(patch): patch out glic and save-to-drive Profile usage in PDF
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7589312
Co-Authored-By: Claude (claude-opus-4-6)
* chore: bump chromium in DEPS to 147.0.7699.0
* chore: remove upstreamed pseudonymization salt descriptor code
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7568382
Co-Authored-By: Claude (claude-opus-4-6)
* chore: update patches (trivial only)
* chore: update reclient patch format (copy-from to new-file)
Co-Authored-By: Claude (claude-opus-4-6)
* chore: remove upstreamed patch and update stale patches
Co-Authored-By: Claude (claude-opus-4-6)
* fix: expose GetLibGdk3 and guard glic function body
GetLibGdk3 needs to be public for Electron's gdk_display_beep usage.
ShouldShowGlicSummarizeButton body must be guarded, not just call site.
Co-Authored-By: Claude (claude-opus-4-6)
* fix(patch): v8::External API in nan requires ExternalPointerTypeTag
Ref: https://chromium-review.googlesource.com/c/v8/v8/+/7562476
Co-Authored-By: Claude (claude-opus-4-6)
* fixup fix(patch): v8::External API in nan requires ExternalPointerTypeTag
* fixup: remove extraneous changes to patches
Caused by
debb3716816e51034728
* fixup: revert fix: expose GetLibGdk3 and guard glic function body
Reverts 6e51034728 as this was an unneeded changed caused by the incorrect changes made in debb371681
* 7586673: Update logic for showing pdf summarize button
7586673: Update logic for showing pdf summarize button | https://chromium-review.googlesource.com/c/chromium/src/+/7586673
Also 7454131: set enable_glic=true | https://chromium-review.googlesource.com/c/chromium/src/+/7454131 (landed in previous roll)
---------
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Alice Zhao <alicelovescake@anthropic.com>
Co-authored-by: John Kleinschmidt <kleinschmidtorama@gmail.com>
* guard against window destruction in min/max size checks
* use weakptr to prevent hit test crash on teardown
* revove web contents views during teardown
* fix test failure
* fix other tests
Inside gtk_util::GdkPixbufFromSkBitmap, g_bytes_new() was called
inline as an argument to gdk_pixbuf_new_from_bytes(), which per
GTK docs does not take ownership of the GBytes - it adds its own
internal reference. The caller's GBytes* was never stored or
unreffed, leaking 4 x width x height bytes of pixel data on every
call.
* fix window sizing and content sizing on Linux when CSD is in use
* fixed size constraints
* layout helper
* CSD shadows for frameless windows on Linux
* simplify min/max size calculation
* use base window size for min/max
* respect HasShadow option
* moved windows min/max size overrides
* add newline at end of file
* fix setting background color for frameless csd windows
* fix wco positioning nad sizing to match prod
* safety improvements
* refactor: initialize libgdk stubs before use in `platform_util:Beep`
* feat: add upstream function to get libgdk handle
* fix: add missing include for libgdk support
* style: adjust comment wording and make linter happy
* style: make linter actually happy
fix: enable WASM trap handlers in all Node.js processes
```
Original reason for revert:
Some apps started throwing exception on startup
https://github.com/electron/electron/issues/48956
```
We now move the trap handler registeration before
any user script execution. Add a fuse to support
disabling the feature is application needs to run
in memory constrained environments.
* fix window sizing and content sizing on Linux when CSD is in use
* fixed size constraints
* simplify min/max size calculation
* use base window size for min/max
* moved windows min/max size overrides
* remove unnecessary checks for client frame
* cleanup
