Bump v13.0.0-beta.27

All the other argument headers were h3 (`###`) but `--force-fieldtrials` was h2 (`##`) for some reason.
I changed it to make it consistent with the others.

Co-authored-by: Noelle Leigh <5957867+noelleleigh@users.noreply.github.com>

.circleci/config.yml

@@ -85,17 +85,17 @@ machine-linux-2xlarge: &machine-linux-2xlarge
 
 machine-mac: &machine-mac
   macos:
-    xcode: "12.2.0"
+    xcode: "12.4.0"
 
 machine-mac-large: &machine-mac-large
   resource_class: large
   macos:
-    xcode: "12.2.0"
+    xcode: "12.4.0"
 
 machine-mac-large-arm: &machine-mac-large-arm
   resource_class: large
   macos:
-    xcode: "12.2.0"
+    xcode: "12.4.0"
 
 machine-mac-arm64: &machine-mac-arm64
   resource_class: electronjs/macos-arm64
@@ -230,6 +230,18 @@ step-maybe-notify-slack-success: &step-maybe-notify-slack-success
       fi
     when: on_success
 
+step-maybe-cleanup-arm64-mac: &step-maybe-cleanup-arm64-mac
+  run:
+    name: Cleanup after testing
+    command: |
+      if  [ "$TARGET_ARCH" == "arm64" ] &&[ "`uname`" == "Darwin" ]; then
+        killall Electron || echo "No Electron processes left running"
+        killall Safari || echo "No Safari processes left running"
+        rm -rf ~/Library/Application\ Support/Electron*
+        rm -rf ~/Library/Application\ Support/electron*
+      fi
+    when: always
+
 step-checkout-electron: &step-checkout-electron
   checkout:
     path: src/electron
@@ -313,9 +325,10 @@ step-setup-goma-for-build: &step-setup-goma-for-build
       npm install
       mkdir third_party
       node -e "require('./src/utils/goma.js').downloadAndPrepare({ gomaOneForAll: true })"
-      node -e "require('./src/utils/goma.js').ensure()"
+      third_party/goma/goma_ctl.py ensure_start
       echo 'export GN_GOMA_FILE='`node -e "console.log(require('./src/utils/goma.js').gnFilePath)"` >> $BASH_ENV
       echo 'export LOCAL_GOMA_DIR='`node -e "console.log(require('./src/utils/goma.js').dir)"` >> $BASH_ENV
+      echo 'export GOMA_FALLBACK_ON_AUTH_FAILURE=true' >> $BASH_ENV
       cd ..
 
 step-restore-brew-cache: &step-restore-brew-cache
@@ -517,7 +530,9 @@ step-electron-build: &step-electron-build
         ninja -C out/Default electron:electron_mksnapshot_zip -j $NUMBER_OF_NINJA_PROCESSES
         ninja -C out/Default tools/v8_context_snapshot -j $NUMBER_OF_NINJA_PROCESSES
         gn desc out/Default v8:run_mksnapshot_default args > out/Default/mksnapshot_args
+        rm -rf out/Default/clang_x64_v8_arm64/gen
         rm -rf out/Default/clang_x64_v8_arm64/obj
+        rm -rf out/Default/clang_x64/obj
 
         # Regenerate because we just deleted some ninja files 
         gn gen out/Default --args="import(\"$GN_CONFIG\") import(\"$GN_GOMA_FILE\") $GN_EXTRA_ARGS $GN_BUILDFLAG_ARGS"
@@ -840,7 +855,7 @@ step-maybe-zip-symbols: &step-maybe-zip-symbols
       export BUILD_PATH="$PWD/out/Default"
       ninja -C out/Default electron:licenses
       ninja -C out/Default electron:electron_version
-      electron/script/zip-symbols.py -b $BUILD_PATH
+      DELETE_DSYMS_AFTER_ZIP=1 electron/script/zip-symbols.py -b $BUILD_PATH
 
 step-symbols-store: &step-symbols-store
   store_artifacts:
@@ -1018,7 +1033,7 @@ step-minimize-workspace-size-from-checkout: &step-minimize-workspace-size-from-c
     name: Remove some unused data to avoid storing it in the workspace/cache
     command: |
       rm -rf src/android_webview
-      rm -rf src/ios
+      rm -rf src/ios/chrome
       rm -rf src/third_party/blink/web_tests
       rm -rf src/third_party/blink/perf_tests
       rm -rf src/third_party/WebKit/LayoutTests
@@ -1340,6 +1355,8 @@ steps-tests: &steps-tests
 
     - *step-maybe-notify-slack-failure
 
+    - *step-maybe-cleanup-arm64-mac
+
 steps-test-nan: &steps-test-nan
   steps:
     - attach_workspace:
@@ -2311,7 +2328,7 @@ jobs:
     <<: *steps-tests
 
   linux-x64-testing-asan-tests:
-    <<: *machine-linux-medium
+    <<: *machine-linux-xlarge
     environment:
       <<: *env-linux-medium
       <<: *env-headless-testing
@@ -2595,15 +2612,19 @@ workflows:
     - osx-publish-x64-skip-checkout:
         requires:
           - mac-checkout
+        context: release-env
     - mas-publish-x64-skip-checkout:
         requires:
           - mac-checkout
+        context: release-env
     - osx-publish-arm64-skip-checkout:
         requires:
           - mac-checkout
+        context: release-env
     - mas-publish-arm64-skip-checkout:
         requires:
           - mac-checkout
+        context: release-env
 
   lint:
     when: << pipeline.parameters.run-lint >>

.env.example

@@ -4,4 +4,3 @@
 APPVEYOR_CLOUD_TOKEN=
 CIRCLE_TOKEN=
 ELECTRON_GITHUB_TOKEN=
-VSTS_TOKEN=

.gitignore

@@ -68,4 +68,6 @@ ts-gen
 .depshash-target
 
 # Used to accelerate builds after sync
-patches/mtime-cache.json
+patches/mtime-cache.json
+
+spec/fixtures/logo.png

BUILD.gn

@@ -402,7 +402,10 @@ source_set("electron_lib") {
   }
 
   if (!is_mas_build) {
-    deps += [ "//components/crash/core/app" ]
+    deps += [
+      "//components/crash/core/app",
+      "//components/crash/core/browser",
+    ]
   }
 
   sources = filenames.lib_sources
@@ -440,6 +443,7 @@ source_set("electron_lib") {
   if (is_mac) {
     deps += [
       "//components/remote_cocoa/app_shim",
+      "//components/remote_cocoa/browser",
       "//content/common:mac_helpers",
       "//ui/accelerated_widget_mac",
     ]
@@ -619,6 +623,9 @@ source_set("electron_lib") {
       "//chrome/services/printing/public/mojom",
       "//components/printing/common:mojo_interfaces",
     ]
+    if (is_mac) {
+      deps += [ "//chrome/services/mac_notifications/public/mojom" ]
+    }
   }
 
   if (enable_electron_extensions) {
@@ -632,6 +639,7 @@ source_set("electron_lib") {
       "//components/zoom",
       "//extensions/browser",
       "//extensions/browser:core_api_provider",
+      "//extensions/browser/updater",
       "//extensions/common",
       "//extensions/common:core_api_provider",
       "//extensions/renderer",

DEPS

@@ -14,11 +14,11 @@ gclient_gn_args = [
 
 vars = {
   'chromium_version':
-    '1f252b391a40e2681b0d9aff6497b7401863d1fc',
+    '91.0.4472.38',
   'node_version':
     'v14.16.0',
   'nan_version':
-    '2c4ee8a32a299eada3cd6e468bbd0a473bfea96d',
+    'v2.14.2',
   'squirrel.mac_version':
     'cdc0729c8bf8576bfef18629186e1e9ecf1b0d9f',
 
@@ -48,6 +48,8 @@ vars = {
   # It's only needed to parse the native tests configurations.
   'checkout_pyyaml': False,
 
+  'use_rts': False,
+
   'mac_xcode_version': 'default',
 
   # To allow running hooks without parsing the DEPS tree

ELECTRON_VERSION

@@ -1 +1 @@
-13.0.0-nightly.20210303
+13.0.0-beta.27

README.md

@@ -5,7 +5,7 @@
 [![devDependency Status](https://david-dm.org/electron/electron/dev-status.svg)](https://david-dm.org/electron/electron?type=dev)
 [![Electron Discord Invite](https://img.shields.io/discord/745037351163527189?color=%237289DA&label=chat&logo=discord&logoColor=white)](https://discord.com/invite/electron)
 
-:memo: Available Translations: 🇨🇳 🇹🇼 🇧🇷 🇪🇸 🇰🇷 🇯🇵 🇷🇺 🇫🇷 🇹🇭 🇳🇱 🇹🇷 🇮🇩 🇺🇦 🇨🇿 🇮🇹 🇵🇱.
+:memo: Available Translations: 🇨🇳 🇧🇷 🇪🇸 🇯🇵 🇷🇺 🇫🇷 🇺🇸 🇩🇪.
 View these docs in other languages at [electron/i18n](https://github.com/electron/i18n/tree/master/content/).
 
 The Electron framework lets you write cross-platform desktop applications

appveyor.yml

@@ -36,6 +36,7 @@ environment:
   ELECTRON_ENABLE_STACK_DUMPING: 1
   MOCHA_REPORTER: mocha-multi-reporters
   MOCHA_MULTI_REPORTERS: mocha-appveyor-reporter, tap
+  GOMA_FALLBACK_ON_AUTH_FAILURE: true
 notifications:
   - provider: Webhook
     url: https://electron-mission-control.herokuapp.com/rest/appveyor-hook

build/args/all.gn

@@ -19,4 +19,12 @@ enable_basic_printing = true
 angle_enable_vulkan_validation_layers = false
 dawn_enable_vulkan_validation_layers = false
 
+# This breaks native node modules
+libcxx_abi_unstable = false
+
+# These are disabled because they cause the zip manifest to differ between
+# testing and release builds.
+# See https://chromium-review.googlesource.com/c/chromium/src/+/2774898.
+enable_pseudolocales = false
+
 is_cfi = false

build/mac/make_locale_dirs.py

@@ -8,6 +8,7 @@
 # require any direct Cocoa locale support.
 
 import os
+import errno
 import sys
 
 
@@ -16,7 +17,7 @@ def main(args):
     try:
       os.makedirs(dirname)
     except OSError as e:
-      if e.errno == os.errno.EEXIST:
+      if e.errno == errno.EEXIST:
         # It's OK if it already exists
         pass
       else:

build/npm-run.py

@@ -15,12 +15,6 @@ args = [cmd, "run",
 try:
     subprocess.check_output(args, stderr=subprocess.STDOUT)
 except subprocess.CalledProcessError as e:
-    print(
-        "NPM script '"
-        + sys.argv[2]
-        + "' failed with code '"
-        + str(e.returncode)
-        + "':\n"
-        + e.output
-    )
+    error_msg = "NPM script '{}' failed with code '{}':\n".format(sys.argv[2], e.returncode)
+    print(error_msg + e.output.decode('ascii'))
     sys.exit(e.returncode)

build/webpack/webpack.config.base.js

@@ -163,7 +163,7 @@ if ((globalThis.process || binding.process).argv.includes("--profile-electron-in
         setImmediate: false
       },
       optimization: {
-        minimize: true,
+        minimize: env.mode === 'production',
         minimizer: [
           new TerserPlugin({
             terserOptions: {

build/webpack/webpack.gni

@@ -22,6 +22,11 @@ template("webpack_build") {
                "//electron/typings/internal-electron.d.ts",
              ] + invoker.inputs
 
+    mode = "development"
+    if (is_official_build) {
+      mode = "production"
+    }
+
     args = [
       "--config",
       rebase_path(invoker.config_file),
@@ -29,6 +34,7 @@ template("webpack_build") {
       "--output-path=" + rebase_path(get_path_info(invoker.out_file, "dir")),
       "--env.buildflags=" +
           rebase_path("$target_gen_dir/buildflags/buildflags.h"),
+      "--env.mode=" + mode,
     ]
     deps += [ "buildflags" ]
 

build/zip.py

@@ -39,6 +39,7 @@ PATHS_TO_SKIP = [
   './crashpad_handler',
   # Skip because these are outputs that we don't need.
   'resources/inspector',
+  'gen/third_party/devtools-frontend/src'
 ]
 
 def skip_path(dep, dist_zip, target_cpu):

chromium_src/BUILD.gn

@@ -2,6 +2,7 @@
 # Use of this source code is governed by the MIT license that can be
 # found in the LICENSE file.
 
+import("//build/config/ozone.gni")
 import("//build/config/ui.gni")
 import("//components/spellcheck/spellcheck_build_features.gni")
 import("//electron/buildflags/buildflags.gni")
@@ -16,8 +17,6 @@ static_library("chrome") {
     "//chrome/browser/accessibility/accessibility_ui.h",
     "//chrome/browser/browser_process.cc",
     "//chrome/browser/browser_process.h",
-    "//chrome/browser/crash_upload_list/crash_upload_list_crashpad.cc",
-    "//chrome/browser/crash_upload_list/crash_upload_list_crashpad.h",
     "//chrome/browser/devtools/devtools_contents_resizing_strategy.cc",
     "//chrome/browser/devtools/devtools_contents_resizing_strategy.h",
     "//chrome/browser/devtools/devtools_embedder_message_dispatcher.cc",
@@ -46,7 +45,6 @@ static_library("chrome") {
     "//chrome/browser/predictors/resolve_host_client_impl.h",
     "//chrome/browser/ssl/security_state_tab_helper.cc",
     "//chrome/browser/ssl/security_state_tab_helper.h",
-    "//chrome/browser/ssl/tls_deprecation_config.cc",
     "//chrome/browser/ui/views/autofill/autofill_popup_view_utils.cc",
     "//chrome/browser/ui/views/autofill/autofill_popup_view_utils.h",
     "//extensions/browser/app_window/size_constraints.cc",
@@ -95,12 +93,18 @@ static_library("chrome") {
 
   if (is_linux) {
     sources += [ "//chrome/browser/icon_loader_auralinux.cc" ]
+    if (use_x11 || use_ozone) {
+      sources +=
+          [ "//chrome/browser/extensions/global_shortcut_listener_linux.cc" ]
+    }
     if (use_x11) {
       sources += [
         "//chrome/browser/extensions/global_shortcut_listener_x11.cc",
         "//chrome/browser/extensions/global_shortcut_listener_x11.h",
       ]
-    } else if (use_ozone) {
+    }
+    if (use_ozone) {
+      deps += [ "//ui/ozone" ]
       sources += [
         "//chrome/browser/extensions/global_shortcut_listener_ozone.cc",
         "//chrome/browser/extensions/global_shortcut_listener_ozone.h",
@@ -191,7 +195,7 @@ static_library("chrome") {
     }
 
     if (is_linux) {
-      sources += [ "//chrome/browser/media/webrtc/window_icon_util_x11.cc" ]
+      sources += [ "//chrome/browser/media/webrtc/window_icon_util_linux.cc" ]
     }
   }
 
@@ -253,8 +257,12 @@ static_library("chrome") {
       "//chrome/browser/picture_in_picture/picture_in_picture_window_manager.h",
       "//chrome/browser/ui/views/overlay/back_to_tab_image_button.cc",
       "//chrome/browser/ui/views/overlay/back_to_tab_image_button.h",
+      "//chrome/browser/ui/views/overlay/back_to_tab_label_button.cc",
       "//chrome/browser/ui/views/overlay/close_image_button.cc",
       "//chrome/browser/ui/views/overlay/close_image_button.h",
+      "//chrome/browser/ui/views/overlay/constants.h",
+      "//chrome/browser/ui/views/overlay/hang_up_button.cc",
+      "//chrome/browser/ui/views/overlay/hang_up_button.h",
       "//chrome/browser/ui/views/overlay/overlay_window_views.cc",
       "//chrome/browser/ui/views/overlay/overlay_window_views.h",
       "//chrome/browser/ui/views/overlay/playback_image_button.cc",
@@ -263,6 +271,10 @@ static_library("chrome") {
       "//chrome/browser/ui/views/overlay/resize_handle_button.h",
       "//chrome/browser/ui/views/overlay/skip_ad_label_button.cc",
       "//chrome/browser/ui/views/overlay/skip_ad_label_button.h",
+      "//chrome/browser/ui/views/overlay/toggle_camera_button.cc",
+      "//chrome/browser/ui/views/overlay/toggle_camera_button.h",
+      "//chrome/browser/ui/views/overlay/toggle_microphone_button.cc",
+      "//chrome/browser/ui/views/overlay/toggle_microphone_button.h",
       "//chrome/browser/ui/views/overlay/track_image_button.cc",
       "//chrome/browser/ui/views/overlay/track_image_button.h",
     ]

chromium_src/chrome/browser/certificate_manager_model.cc

@@ -90,7 +90,7 @@ CertificateManagerModel::~CertificateManagerModel() = default;
 int CertificateManagerModel::ImportFromPKCS12(
     PK11SlotInfo* slot_info,
     const std::string& data,
-    const base::string16& password,
+    const std::u16string& password,
     bool is_extractable,
     net::ScopedCERTCertificateList* imported_certs) {
   return cert_db_->ImportFromPKCS12(slot_info, data, password, is_extractable,

chromium_src/chrome/browser/certificate_manager_model.h

@@ -12,7 +12,6 @@
 #include "base/callback.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
-#include "base/strings/string16.h"
 #include "net/cert/nss_cert_database.h"
 
 namespace content {
@@ -46,7 +45,7 @@ class CertificateManagerModel {
   // Returns a net error code on failure.
   int ImportFromPKCS12(PK11SlotInfo* slot_info,
                        const std::string& data,
-                       const base::string16& password,
+                       const std::u16string& password,
                        bool is_extractable,
                        net::ScopedCERTCertificateList* imported_certs);
 

default_app/default_app.ts

@@ -41,14 +41,14 @@ ipcMain.handle('bootstrap', (event) => {
   return isTrustedSender(event.sender) ? electronPath : null;
 });
 
-async function createWindow () {
+async function createWindow (backgroundColor?: string) {
   await app.whenReady();
 
   const options: Electron.BrowserWindowConstructorOptions = {
     width: 960,
     height: 620,
     autoHideMenuBar: true,
-    backgroundColor: '#2f3241',
+    backgroundColor,
     webPreferences: {
       preload: path.resolve(__dirname, 'preload.js'),
       contextIsolation: true,
@@ -96,7 +96,7 @@ export const loadURL = async (appUrl: string) => {
 };
 
 export const loadFile = async (appPath: string) => {
-  mainWindow = await createWindow();
+  mainWindow = await createWindow(appPath === 'index.html' ? '#2f3241' : undefined);
   mainWindow.loadFile(appPath);
   mainWindow.focus();
 };

docs/README.md

@@ -59,6 +59,7 @@ an issue:
   * [Using Native Node.js Modules](tutorial/using-native-node-modules.md)
   * [Performance Strategies](tutorial/performance.md)
   * [Security Strategies](tutorial/security.md)
+  * [Process Sandboxing](tutorial/sandbox.md)
 * [Accessibility](tutorial/accessibility.md)
   * [Manually Enabling Accessibility Features](tutorial/accessibility.md#manually-enabling-accessibility-features)
 * [Testing and Debugging](tutorial/application-debugging.md)
@@ -68,6 +69,7 @@ an issue:
   * [Testing on Headless CI Systems (Travis, Jenkins)](tutorial/testing-on-headless-ci.md)
   * [DevTools Extension](tutorial/devtools-extension.md)
   * [Automated Testing with a Custom Driver](tutorial/automated-testing-with-a-custom-driver.md)
+  * [REPL](tutorial/repl.md)
 * [Distribution](tutorial/application-distribution.md)
   * [Supported Platforms](tutorial/support.md#supported-platforms)
   * [Code Signing](tutorial/code-signing.md)
@@ -126,6 +128,8 @@ These individual tutorials expand on topics discussed in the guide above.
 * [ipcMain](api/ipc-main.md)
 * [Menu](api/menu.md)
 * [MenuItem](api/menu-item.md)
+* [MessageChannelMain](api/message-channel-main.md)
+* [MessagePortMain](api/message-port-main.md)
 * [net](api/net.md)
 * [netLog](api/net-log.md)
 * [nativeTheme](api/native-theme.md)
@@ -135,6 +139,7 @@ These individual tutorials expand on topics discussed in the guide above.
 * [protocol](api/protocol.md)
 * [screen](api/screen.md)
 * [session](api/session.md)
+* [ShareMenu](api/share-menu.md)
 * [systemPreferences](api/system-preferences.md)
 * [TouchBar](api/touch-bar.md)
 * [Tray](api/tray.md)
@@ -144,15 +149,14 @@ These individual tutorials expand on topics discussed in the guide above.
 ### Modules for the Renderer Process (Web Page):
 
 * [contextBridge](api/context-bridge.md)
-* [desktopCapturer](api/desktop-capturer.md)
 * [ipcRenderer](api/ipc-renderer.md)
-* [remote](api/remote.md)
 * [webFrame](api/web-frame.md)
 
 ### Modules for Both Processes:
 
 * [clipboard](api/clipboard.md)
 * [crashReporter](api/crash-reporter.md)
+* [desktopCapturer](api/desktop-capturer.md)
 * [nativeImage](api/native-image.md)
 * [shell](api/shell.md)
 

docs/api/app.md

@@ -753,7 +753,8 @@ Overrides the current application's name.
 
 ### `app.getLocale()`
 
-Returns `String` - The current application locale. Possible return values are documented [here](locales.md).
+Returns `String` - The current application locale, fetched using Chromium's `l10n_util` library.
+Possible return values are documented [here](https://source.chromium.org/chromium/chromium/src/+/master:ui/base/l10n/l10n_util.cc).
 
 To set the locale, you'll want to use a command line switch at app startup, which may be found [here](https://github.com/electron/electron/blob/master/docs/api/command-line-switches.md).
 
@@ -929,6 +930,10 @@ re-add a removed item to a custom category earlier than that will result in the
 entire custom category being omitted from the Jump List. The list of removed
 items can be obtained using `app.getJumpListSettings()`.
 
+**Note:** The maximum length of a Jump List item's `description` property is
+260 characters. Beyond this limit, the item will not be added to the Jump
+List, nor will it be displayed.
+
 Here's a very simple example of creating a custom Jump List:
 
 ```javascript

docs/api/browser-view.md

@@ -1,14 +1,16 @@
-## Class: BrowserView
-
-> Create and control views.
-
-Process: [Main](../glossary.md#main-process)
+# BrowserView
 
 A `BrowserView` can be used to embed additional web content into a
 [`BrowserWindow`](browser-window.md). It is like a child window, except that it is positioned
 relative to its owning window. It is meant to be an alternative to the
 `webview` tag.
 
+## Class: BrowserView
+
+> Create and control views.
+
+Process: [Main](../glossary.md#main-process)
+
 ### Example
 
 ```javascript

docs/api/browser-window.md

@@ -238,7 +238,7 @@ It creates a new `BrowserWindow` with native properties as set by the `options`.
     window shadow and window animations. Default is `true`.
   * `vibrancy` String (optional) - Add a type of vibrancy effect to the window, only on
     macOS. Can be `appearance-based`, `light`, `dark`, `titlebar`, `selection`,
-    `menu`, `popover`, `sidebar`, `medium-light`, `ultra-dark`, `header`, `sheet`, `window`, `hud`, `fullscreen-ui`, `tooltip`, `content`, `under-window`, or `under-page`.  Please note that using `frame: false` in combination with a vibrancy value requires that you use a non-default `titleBarStyle` as well. Also note that `appearance-based`, `light`, `dark`, `medium-light`, and `ultra-dark` are deprecated and have been removed in macOS Catalina (10.15).
+    `menu`, `popover`, `sidebar`, `medium-light`, `ultra-dark`, `header`, `sheet`, `window`, `hud`, `fullscreen-ui`, `tooltip`, `content`, `under-window`, or `under-page`. Please note that `appearance-based`, `light`, `dark`, `medium-light`, and `ultra-dark` are deprecated and have been removed in macOS Catalina (10.15).
   * `zoomToPageWidth` Boolean (optional) - Controls the behavior on macOS when
     option-clicking the green stoplight button on the toolbar or by clicking the
     Window > Zoom menu item. If `true`, the window will grow to the preferred
@@ -267,12 +267,12 @@ It creates a new `BrowserWindow` with native properties as set by the `options`.
       be the absolute file path to the script.
       When node integration is turned off, the preload script can reintroduce
       Node global symbols back to the global scope. See example
-      [here](process.md#event-loaded).
+      [here](context-bridge.md#exposing-node-global-symbols).
     * `sandbox` Boolean (optional) - If set, this will sandbox the renderer
       associated with the window, making it compatible with the Chromium
       OS-level sandbox and disabling the Node.js engine. This is not the same as
       the `nodeIntegration` option and the APIs available to the preload script
-      are more limited. Read more about the option [here](sandbox-option.md).
+      are more limited. Read more about the option [here](../tutorial/sandbox.md).
     * `enableRemoteModule` Boolean (optional) - Whether to enable the [`remote`](remote.md) module.
       Default is `false`.
     * `session` [Session](session.md#class-session) (optional) - Sets the session used by the
@@ -1301,7 +1301,7 @@ can be be used to listen to changes to tablet mode.
 
 #### `win.getMediaSourceId()`
 
-Returns `String` - Window id in the format of DesktopCapturerSource's id. For example "window:1234:0".
+Returns `String` - Window id in the format of DesktopCapturerSource's id. For example "window:1324:0".
 
 More precisely the format is `window:id:other_id` where `id` is `HWND` on
 Windows, `CGWindowID` (`uint64_t`) on macOS and `Window` (`unsigned long`) on
@@ -1319,6 +1319,8 @@ The native type of the handle is `HWND` on Windows, `NSView*` on macOS, and
 
 * `message` Integer
 * `callback` Function
+  * `wParam` any - The `wParam` provided to the WndProc
+  * `lParam` any - The `lParam` provided to the WndProc
 
 Hooks a windows message. The `callback` is called when
 the message is received in the WndProc.
@@ -1371,7 +1373,7 @@ Returns `Boolean` - Whether the window's document has been edited.
 
 Returns `Promise<NativeImage>` - Resolves with a [NativeImage](native-image.md)
 
-Captures a snapshot of the page within `rect`. Omitting `rect` will capture the whole visible page.
+Captures a snapshot of the page within `rect`. Omitting `rect` will capture the whole visible page. If the page is not visible, `rect` may be empty.
 
 #### `win.loadURL(url[, options])`
 

docs/api/command-line-switches.md

@@ -80,6 +80,12 @@ This switch can not be used in `app.commandLine.appendSwitch` since it is parsed
 earlier than user's app is loaded, but you can set the `ELECTRON_ENABLE_LOGGING`
 environment variable to achieve the same effect.
 
+### --force-fieldtrials=`trials`
+
+Field trials to be forcefully enabled or disabled.
+
+For example: `WebRTC-Audio-Red-For-Opus/Enabled/`
+
 ### --host-rules=`rules`
 
 A comma-separated list of `rules` that control how hostnames are mapped.
@@ -136,7 +142,8 @@ proxy server flags that are passed.
 
 ### --no-sandbox
 
-Disables Chromium sandbox, which is now enabled by default.
+Disables the Chromium [sandbox](https://www.chromium.org/developers/design-documents/sandbox).
+Forces renderer process and Chromium helper processes to run un-sandboxed.
 Should only be used for testing.
 
 ### --proxy-bypass-list=`hosts`

docs/api/context-bridge.md

@@ -33,7 +33,7 @@ page you load in your renderer executes code in this world.
 
 ### Isolated World
 
-When `contextIsolation` is enabled in your `webPreferences`, your `preload` scripts run in an
+When `contextIsolation` is enabled in your `webPreferences` (this is the default behavior since Electron 12.0.0), your `preload` scripts run in an
 "Isolated World".  You can read more about context isolation and what it affects in the
 [security](../tutorial/security.md#3-enable-context-isolation-for-remote-content) docs.
 
@@ -110,3 +110,22 @@ has been included below for completeness:
 | `Symbol` | N/A | ❌ | ❌ | Symbols cannot be copied across contexts so they are dropped |
 
 If the type you care about is not in the above table, it is probably not supported.
+
+### Exposing Node Global Symbols
+
+The `contextBridge` can be used by the preload script to give your renderer access to Node APIs.
+The table of supported types described above also applies to Node APIs that you expose through `contextBridge`.
+Please note that many Node APIs grant access to local system resources.
+Be very cautious about which globals and APIs you expose to untrusted remote content.
+
+```javascript
+const { contextBridge } = require('electron')
+const crypto = require('crypto')
+contextBridge.exposeInMainWorld('nodeCrypto', {
+  sha256sum (data) {
+    const hash = crypto.createHash('sha256')
+    hash.update(data)
+    return hash.digest('hex')
+  }
+})
+```

docs/api/cookies.md

@@ -45,6 +45,8 @@ The following events are available on instances of `Cookies`:
 
 #### Event: 'changed'
 
+Returns:
+
 * `event` Event
 * `cookie` [Cookie](structures/cookie.md) - The cookie that was changed.
 * `cause` String - The cause of the change with one of the following values:

docs/api/crash-reporter.md

@@ -77,7 +77,8 @@ The `crashReporter` module has the following methods:
 ### `crashReporter.start(options)`
 
 * `options` Object
-  * `submitURL` String - URL that crash reports will be sent to as POST.
+  * `submitURL` String (optional) - URL that crash reports will be sent to as
+    POST. Required unless `uploadToServer` is `false`.
   * `productName` String (optional) - Defaults to `app.name`.
   * `companyName` String (optional) _Deprecated_ - Deprecated alias for
     `{ globalExtra: { _companyName: ... } }`.

docs/api/frameless-window.md

@@ -83,8 +83,10 @@ win.show()
   blur effect to the content below the window (i.e. other applications open on
   the user's system).
 * The window will not be transparent when DevTools is opened.
-* On Windows operating systems, transparent windows will not work when DWM is
+* On Windows operating systems,
+  * transparent windows will not work when DWM is
   disabled.
+  * transparent windows can not be maximized using the Windows system menu or by double clicking the title bar. The reasoning behind this can be seen on [this pull request](https://github.com/electron/electron/pull/28207).
 * On Linux, users have to put `--enable-transparent-visuals --disable-gpu` in
   the command line to disable GPU and allow ARGB to make transparent window,
   this is caused by an upstream bug that [alpha channel doesn't work on some

docs/api/locales.md

@@ -1,142 +0,0 @@
-# Locales
-
-> Locale values returned by `app.getLocale()`.
-
-Electron uses Chromium's `l10n_util` library to fetch the locale. Possible
-values are listed below:
-
-| Language Code | Language Name |
-|---------------|---------------|
-| af | Afrikaans |
-| am | Amharic |
-| ar | Arabic |
-| az | Azerbaijani |
-| be | Belarusian |
-| bg | Bulgarian |
-| bh | Bihari |
-| bn | Bengali |
-| br | Breton |
-| bs | Bosnian |
-| ca | Catalan |
-| co | Corsican |
-| cs | Czech |
-| cy | Welsh |
-| da | Danish |
-| de | German |
-| de-AT | German (Austria) |
-| de-CH | German (Switzerland) |
-| de-DE | German (Germany) |
-| el | Greek |
-| en | English |
-| en-AU | English (Australia) |
-| en-CA | English (Canada) |
-| en-GB | English (UK) |
-| en-NZ | English (New Zealand) |
-| en-US | English (US) |
-| en-ZA | English (South Africa) |
-| eo | Esperanto |
-| es | Spanish |
-| es-419 | Spanish (Latin America) |
-| et | Estonian |
-| eu | Basque |
-| fa | Persian |
-| fi | Finnish |
-| fil | Filipino |
-| fo | Faroese |
-| fr | French |
-| fr-CA | French (Canada) |
-| fr-CH | French (Switzerland) |
-| fr-FR | French (France) |
-| fy | Frisian |
-| ga | Irish |
-| gd | Scots Gaelic |
-| gl | Galician |
-| gn | Guarani |
-| gu | Gujarati |
-| ha | Hausa |
-| haw | Hawaiian |
-| he | Hebrew |
-| hi | Hindi |
-| hr | Croatian |
-| hu | Hungarian |
-| hy | Armenian |
-| ia | Interlingua |
-| id | Indonesian |
-| is | Icelandic |
-| it | Italian |
-| it-CH | Italian (Switzerland) |
-| it-IT | Italian (Italy) |
-| ja | Japanese |
-| jw | Javanese |
-| ka | Georgian |
-| kk | Kazakh |
-| km | Cambodian |
-| kn | Kannada |
-| ko | Korean |
-| ku | Kurdish |
-| ky | Kyrgyz |
-| la | Latin |
-| ln | Lingala |
-| lo | Laothian |
-| lt | Lithuanian |
-| lv | Latvian |
-| mk | Macedonian |
-| ml | Malayalam |
-| mn | Mongolian |
-| mo | Moldavian |
-| mr | Marathi |
-| ms | Malay |
-| mt | Maltese |
-| nb | Norwegian (Bokmal) |
-| ne | Nepali |
-| nl | Dutch |
-| nn | Norwegian (Nynorsk) |
-| no | Norwegian |
-| oc | Occitan |
-| om | Oromo |
-| or | Oriya |
-| pa | Punjabi |
-| pl | Polish |
-| ps | Pashto |
-| pt | Portuguese |
-| pt-BR | Portuguese (Brazil) |
-| pt-PT | Portuguese (Portugal) |
-| qu | Quechua |
-| rm | Romansh |
-| ro | Romanian |
-| ru | Russian |
-| sd | Sindhi |
-| sh | Serbo-Croatian |
-| si | Sinhalese |
-| sk | Slovak |
-| sl | Slovenian |
-| sn | Shona |
-| so | Somali |
-| sq | Albanian |
-| sr | Serbian |
-| st | Sesotho |
-| su | Sundanese |
-| sv | Swedish |
-| sw | Swahili |
-| ta | Tamil |
-| te | Telugu |
-| tg | Tajik |
-| th | Thai |
-| ti | Tigrinya |
-| tk | Turkmen |
-| to | Tonga |
-| tr | Turkish |
-| tt | Tatar |
-| tw | Twi |
-| ug | Uighur |
-| uk | Ukrainian |
-| ur | Urdu |
-| uz | Uzbek |
-| vi | Vietnamese |
-| xh | Xhosa |
-| yi | Yiddish |
-| yo | Yoruba |
-| zh | Chinese |
-| zh-CN | Chinese (Simplified) |
-| zh-TW | Chinese (Traditional) |
-| zu | Zulu |

docs/api/menu.md

@@ -1,3 +1,5 @@
+# Menu
+
 ## Class: Menu
 
 > Create native application menus and context menus.

docs/api/message-channel-main.md

@@ -9,12 +9,15 @@ channel messaging.
 
 ## Class: MessageChannelMain
 
+> Channel interface for channel messaging in the main process.
+
 Process: [Main](../glossary.md#main-process)
 
 Example:
 
 ```js
 // Main process
+const { MessageChannelMain } = require('electron')
 const { port1, port2 } = new MessageChannelMain()
 w.webContents.postMessage('port', null, [port2])
 port1.postMessage({ some: 'message' })

docs/api/message-port-main.md

@@ -14,6 +14,8 @@ channel messaging.
 
 ## Class: MessagePortMain
 
+> Port interface for channel messaging in the main process.
+
 Process: [Main](../glossary.md#main-process)
 
 ### Instance Methods

docs/api/process.md

@@ -30,11 +30,13 @@ In sandboxed renderers the `process` object contains only a subset of the APIs:
 * `arch`
 * `platform`
 * `sandboxed`
+* `contextIsolated`
 * `type`
 * `version`
 * `versions`
 * `mas`
 * `windowsStore`
+* `contextId`
 
 ## Events
 
@@ -43,19 +45,6 @@ In sandboxed renderers the `process` object contains only a subset of the APIs:
 Emitted when Electron has loaded its internal initialization script and is
 beginning to load the web page or the main script.
 
-It can be used by the preload script to add removed Node global symbols back to
-the global scope when node integration is turned off:
-
-```javascript
-// preload.js
-const _setImmediate = setImmediate
-const _clearImmediate = clearImmediate
-process.once('loaded', () => {
-  global.setImmediate = _setImmediate
-  global.clearImmediate = _clearImmediate
-})
-```
-
 ## Properties
 
 ### `process.defaultApp` _Readonly_
@@ -93,6 +82,11 @@ A `String` representing the path to the resources directory.
 A `Boolean`. When the renderer process is sandboxed, this property is `true`,
 otherwise it is `undefined`.
 
+### `process.contextIsolated` _Readonly_
+
+A `Boolean` that indicates whether the current renderer context has `contextIsolation` enabled.
+It is `undefined` in the main process.
+
 ### `process.throwDeprecation`
 
 A `Boolean` that controls whether or not deprecation warnings will be thrown as
@@ -133,6 +127,13 @@ A `String` representing Electron's version string.
 A `Boolean`. If the app is running as a Windows Store app (appx), this property is `true`,
 for otherwise it is `undefined`.
 
+### `process.contextId` _Readonly_
+
+A `String` (optional) representing a globally unique ID of the current JavaScript context.
+Each frame has its own JavaScript context. When contextIsolation is enabled, the isolated
+world also has a separate JavaScript context.
+This property is only available in the renderer process.
+
 ## Methods
 
 The `process` object has the following methods:

docs/api/sandbox-option.md

@@ -1,182 +0,0 @@
-# `sandbox` Option
-
-> Create a browser window with a sandboxed renderer. With this
-option enabled, the renderer must communicate via IPC to the main process in order to access node APIs.
-
-One of the key security features of Chromium is that all blink rendering/JavaScript
-code is executed within a sandbox. This sandbox uses OS-specific features to ensure
-that exploits in the renderer process cannot harm the system.
-
-In other words, when the sandbox is enabled, the renderers can only make changes
-to the system by delegating tasks to the main process via IPC.
-[Here's](https://www.chromium.org/developers/design-documents/sandbox) more
-information about the sandbox.
-
-Since a major feature in Electron is the ability to run Node.js in the
-renderer process (making it easier to develop desktop applications using web
-technologies), the sandbox is disabled by electron. This is because
-most Node.js APIs require system access. `require()` for example, is not
-possible without file system permissions, which are not available in a sandboxed
-environment.
-
-Usually this is not a problem for desktop applications since the code is always
-trusted, but it makes Electron less secure than Chromium for displaying
-untrusted web content. For applications that require more security, the
-`sandbox` flag will force Electron to spawn a classic Chromium renderer that is
-compatible with the sandbox.
-
-A sandboxed renderer doesn't have a Node.js environment running and doesn't
-expose Node.js JavaScript APIs to client code. The only exception is the preload script,
-which has access to a subset of the Electron renderer API.
-
-Another difference is that sandboxed renderers don't modify any of the default
-JavaScript APIs. Consequently, some APIs such as `window.open` will work as they
-do in Chromium (i.e. they do not return a [`BrowserWindowProxy`](browser-window-proxy.md)).
-
-## Example
-
-To create a sandboxed window, pass `sandbox: true` to `webPreferences`:
-
-```js
-let win
-app.whenReady().then(() => {
-  win = new BrowserWindow({
-    webPreferences: {
-      sandbox: true
-    }
-  })
-  win.loadURL('http://google.com')
-})
-```
-
-In the above code the [`BrowserWindow`](browser-window.md) that was created has Node.js disabled and can communicate
-only via IPC. The use of this option stops Electron from creating a Node.js runtime in the renderer. Also,
-within this new window `window.open` follows the native behavior (by default Electron creates a [`BrowserWindow`](browser-window.md)
-and returns a proxy to this via `window.open`).
-
-[`app.enableSandbox`](app.md#appenablesandbox) can be used to force `sandbox: true` for all `BrowserWindow` instances.
-
-```js
-let win
-app.enableSandbox()
-app.whenReady().then(() => {
-  // no need to pass `sandbox: true` since `app.enableSandbox()` was called.
-  win = new BrowserWindow()
-  win.loadURL('http://google.com')
-})
-```
-
-## Preload
-
-An app can make customizations to sandboxed renderers using a preload script.
-Here's an example:
-
-```js
-let win
-app.whenReady().then(() => {
-  win = new BrowserWindow({
-    webPreferences: {
-      sandbox: true,
-      preload: path.join(app.getAppPath(), 'preload.js')
-    }
-  })
-  win.loadURL('http://google.com')
-})
-```
-
-and preload.js:
-
-```js
-// This file is loaded whenever a javascript context is created. It runs in a
-// private scope that can access a subset of Electron renderer APIs. Without
-// contextIsolation enabled, it's possible to accidentally leak privileged
-// globals like ipcRenderer to web content.
-const { ipcRenderer } = require('electron')
-
-const defaultWindowOpen = window.open
-
-window.open = function customWindowOpen (url, ...args) {
-  ipcRenderer.send('report-window-open', location.origin, url, args)
-  return defaultWindowOpen(url + '?from_electron=1', ...args)
-}
-```
-
-Important things to notice in the preload script:
-
-- Even though the sandboxed renderer doesn't have Node.js running, it still has
-  access to a limited node-like environment: `Buffer`, `process`, `setImmediate`,
-  `clearImmediate` and `require` are available.
-- The preload script must be contained in a single script, but it is possible to have
-  complex preload code composed with multiple modules by using a tool like
-  webpack or browserify. An example of using browserify is below.
-
-To create a browserify bundle and use it as a preload script, something like
-the following should be used:
-
-```sh
-  browserify preload/index.js \
-    -x electron \
-    --insert-global-vars=__filename,__dirname -o preload.js
-```
-
-The `-x` flag should be used with any required module that is already exposed in
-the preload scope, and tells browserify to use the enclosing `require` function
-for it. `--insert-global-vars` will ensure that `process`, `Buffer` and
-`setImmediate` are also taken from the enclosing scope(normally browserify
-injects code for those).
-
-Currently the `require` function provided in the preload scope exposes the
-following modules:
-
-- `electron`
-  - `crashReporter`
-  - `desktopCapturer`
-  - `ipcRenderer`
-  - `nativeImage`
-  - `webFrame`
-- `events`
-- `timers`
-- `url`
-
-More may be added as needed to expose more Electron APIs in the sandbox.
-
-## Rendering untrusted content
-
-Rendering untrusted content in Electron is still somewhat uncharted territory,
-though some apps are finding success (e.g. Beaker Browser). Our goal is to get
-as close to Chrome as we can in terms of the security of sandboxed content, but
-ultimately we will always be behind due to a few fundamental issues:
-
-1. We do not have the dedicated resources or expertise that Chromium has to
-   apply to the security of its product. We do our best to make use of what we
-   have, to inherit everything we can from Chromium, and to respond quickly to
-   security issues, but Electron cannot be as secure as Chromium without the
-   resources that Chromium is able to dedicate.
-2. Some security features in Chrome (such as Safe Browsing and Certificate
-   Transparency) require a centralized authority and dedicated servers, both of
-   which run counter to the goals of the Electron project. As such, we disable
-   those features in Electron, at the cost of the associated security they
-   would otherwise bring.
-3. There is only one Chromium, whereas there are many thousands of apps built
-   on Electron, all of which behave slightly differently. Accounting for those
-   differences can yield a huge possibility space, and make it challenging to
-   ensure the security of the platform in unusual use cases.
-4. We can't push security updates to users directly, so we rely on app vendors
-   to upgrade the version of Electron underlying their app in order for
-   security updates to reach users.
-
-Here are some things to consider before rendering untrusted content:
-
-- A preload script can accidentally leak privileged APIs to untrusted code,
-  unless [`contextIsolation`](../tutorial/security.md#3-enable-context-isolation-for-remote-content)
-  is also enabled.
-- Some bug in the V8 engine may allow malicious code to access the renderer
-  preload APIs, effectively granting full access to the system through the
-  `remote` module. Therefore, it is highly recommended to [disable the `remote`
-  module](../tutorial/security.md#15-disable-the-remote-module).
-  If disabling is not feasible, you should selectively [filter the `remote`
-  module](../tutorial/security.md#16-filter-the-remote-module).
-- While we make our best effort to backport Chromium security fixes to older
-  versions of Electron, we do not make a guarantee that every fix will be
-  backported. Your best chance at staying secure is to be on the latest stable
-  version of Electron.

docs/api/session.md

@@ -822,6 +822,11 @@ Returns `Extension[]` - A list of all loaded extensions.
 **Note:** This API cannot be called before the `ready` event of the `app` module
 is emitted.
 
+#### `ses.getStoragePath()`
+
+A `String | null` indicating the absolute file system path where data for this
+session is persisted on disk.  For in memory sessions this returns `null`.
+
 ### Instance Properties
 
 The following properties are available on instances of `Session`:
@@ -835,6 +840,11 @@ code to the `setSpellCheckerLanguages` API that isn't in this array will result
 
 A `Boolean` indicating whether builtin spell checker is enabled.
 
+#### `ses.storagePath` _Readonly_
+
+A `String | null` indicating the absolute file system path where data for this
+session is persisted on disk.  For in memory sessions this returns `null`.
+
 #### `ses.cookies` _Readonly_
 
 A [`Cookies`](cookies.md) object for this session.

docs/api/share-menu.md

@@ -1,8 +1,4 @@
-## Class: ShareMenu
-
-> Create share menu on macOS.
-
-Process: [Main](../glossary.md#main-process)
+# ShareMenu
 
 The `ShareMenu` class creates [Share Menu][share-menu] on macOS, which can be
 used to share information from the current context to apps, social media
@@ -11,6 +7,12 @@ accounts, and other services.
 For including the share menu as a submenu of other menus, please use the
 `shareMenu` role of [`MenuItem`](menu-item.md).
 
+## Class: ShareMenu
+
+> Create share menu on macOS.
+
+Process: [Main](../glossary.md#main-process)
+
 ### `new ShareMenu(sharingItem)`
 
 * `sharingItem` SharingItem - The item to share.

docs/api/structures/jump-list-category.md

@@ -19,3 +19,7 @@
 property set then its `type` is assumed to be `tasks`. If the `name` property
 is set but the `type` property is omitted then the `type` is assumed to be
 `custom`.
+
+**Note:** The maximum length of a Jump List item's `description` property is
+260 characters. Beyond this limit, the item will not be added to the Jump
+List, nor will it be displayed.

docs/api/structures/jump-list-item.md

@@ -17,7 +17,7 @@
 * `title` String (optional) - The text to be displayed for the item in the Jump List.
   Should only be set if `type` is `task`.
 * `description` String (optional) - Description of the task (displayed in a tooltip).
-  Should only be set if `type` is `task`.
+  Should only be set if `type` is `task`. Maximum length 260 characters.
 * `iconPath` String (optional) - The absolute path to an icon to be displayed in a
   Jump List, which can be an arbitrary resource file that contains an icon
   (e.g. `.ico`, `.exe`, `.dll`). You can usually specify `process.execPath` to

docs/api/structures/upload-file.md

@@ -1,6 +1,6 @@
 # UploadFile Object
 
-* `type` String - `file`.
+* `type` 'file' - `file`.
 * `filePath` String - Path of file to be uploaded.
 * `offset` Integer - Defaults to `0`.
 * `length` Integer - Number of bytes to read from `offset`.

docs/api/structures/upload-raw-data.md

@@ -1,4 +1,4 @@
 # UploadRawData Object
 
-* `type` String - `rawData`.
+* `type` 'rawData' - `rawData`.
 * `bytes` Buffer - Data to be uploaded.

docs/api/system-preferences.md

@@ -130,6 +130,8 @@ This is necessary for events such as `NSUserDefaultsDidChangeNotification`.
   * `userInfo` Record<String, unknown>
   * `object` String
 
+Returns `Number` - The ID of this subscription
+
 Same as `subscribeNotification`, but uses `NSWorkspace.sharedWorkspace.notificationCenter`.
 This is necessary for events such as `NSWorkspaceDidActivateApplicationNotification`.
 

docs/api/touch-bar.md

@@ -1,3 +1,5 @@
+# TouchBar
+
 ## Class: TouchBar
 
 > Create TouchBar layouts for native macOS applications

docs/api/tray.md

@@ -1,3 +1,5 @@
+# Tray
+
 ## Class: Tray
 
 > Add icons and context menus to the system's notification area.

docs/api/web-contents.md

@@ -1184,6 +1184,7 @@ Ignore application menu shortcuts while this web contents is focused.
     * `url` String - The _resolved_ version of the URL passed to `window.open()`. e.g. opening a window with `window.open('foo')` will yield something like `https://the-origin/the/current/path/foo`.
     * `frameName` String - Name of the window provided in `window.open()`
     * `features` String - Comma separated list of window features provided to `window.open()`.
+
   Returns `{action: 'deny'} | {action: 'allow', overrideBrowserWindowOptions?: BrowserWindowConstructorOptions}` - `deny` cancels the creation of the new
   window. `allow` will allow the new window to be created. Specifying `overrideBrowserWindowOptions` allows customization of the created window.
   Returning an unrecognized value such as a null, undefined, or an object
@@ -1363,19 +1364,21 @@ Captures a snapshot of the page within `rect`. Omitting `rect` will capture the
 Returns `Boolean` - Whether this page is being captured. It returns true when the capturer count
 is large then 0.
 
-#### `contents.incrementCapturerCount([size, stayHidden])`
+#### `contents.incrementCapturerCount([size, stayHidden, stayAwake])`
 
 * `size` [Size](structures/size.md) (optional) - The preferred size for the capturer.
 * `stayHidden` Boolean (optional) -  Keep the page hidden instead of visible.
+* `stayAwake` Boolean (optional) -  Keep the system awake instead of allowing it to sleep.
 
 Increase the capturer count by one. The page is considered visible when its browser window is
 hidden and the capturer count is non-zero. If you would like the page to stay hidden, you should ensure that `stayHidden` is set to true.
 
 This also affects the Page Visibility API.
 
-#### `contents.decrementCapturerCount([stayHidden])`
+#### `contents.decrementCapturerCount([stayHidden, stayAwake])`
 
 * `stayHidden` Boolean (optional) -  Keep the page in hidden state instead of visible.
+* `stayAwake` Boolean (optional) -  Keep the system awake instead of allowing it to sleep.
 
 Decrease the capturer count by one. The page will be set to hidden or occluded state when its
 browser window is hidden or occluded and the capturer count reaches zero. If you want to

docs/api/webview-tag.md

@@ -5,7 +5,7 @@
 Electron's `webview` tag is based on [Chromium's `webview`][chrome-webview], which
 is undergoing dramatic architectural changes. This impacts the stability of `webviews`,
 including rendering, navigation, and event routing. We currently recommend to not
-use the `webview` tag and to consider alternatives, like `iframe`, Electron's `BrowserView`,
+use the `webview` tag and to consider alternatives, like `iframe`, [Electron's `BrowserView`](browser-view.md),
 or an architecture that avoids embedded content altogether.
 
 ## Enabling

docs/api/window-open.md

@@ -83,9 +83,9 @@ const mainWindow = new BrowserWindow()
 
 mainWindow.webContents.setWindowOpenHandler(({ url }) => {
   if (url.startsWith('https://github.com/')) {
-    return true
+    return { action: 'allow' }
   }
-  return false
+  return { action: 'deny' }
 })
 
 mainWindow.webContents.on('did-create-window', (childWindow) => {

docs/breaking-changes.md

@@ -136,6 +136,22 @@ systemPreferences.isHighContrastColorScheme()
 nativeTheme.shouldUseHighContrastColors
 ```
 
+### Deprecated: WebContents `new-window` event
+
+The `new-window` event of WebContents has been deprecated. It is replaced by [`webContents.setWindowOpenHandler()`](api/web-contents.md#contentssetwindowopenhandlerhandler).
+
+```js
+// Deprecated in Electron 13
+webContents.on('new-window', (event) => {
+  event.preventDefault()
+})
+
+// Replace with
+webContents.setWindowOpenHandler((details) => {
+  return { action: 'deny' }
+})
+```
+
 ## Planned Breaking API Changes (12.0)
 
 ### Removed: Pepper Flash support
@@ -160,6 +176,9 @@ the previous behavior, `contextIsolation: false` must be specified in WebPrefere
 
 We [recommend having contextIsolation enabled](https://github.com/electron/electron/blob/master/docs/tutorial/security.md#3-enable-context-isolation-for-remote-content) for the security of your application.
 
+Another implication is that `require()` cannot be used in the renderer process unless
+`nodeIntegration` is `true` and `contextIsolation` is `false`.
+
 For more details see: https://github.com/electron/electron/issues/23506
 
 ### Removed: `crashReporter.getCrashesDirectory()`

docs/development/build-instructions-gn.md

@@ -1,6 +1,8 @@
 # Build Instructions
 
-Follow the guidelines below for building Electron.
+Follow the guidelines below for building **Electron itself**, for the purposes of creating custom Electron binaries. For bundling and distributing your app code with the prebuilt Electron binaries, see the [application distribution][application-distribution] guide.
+
+[application-distribution]: ../tutorial/application-distribution.md
 
 ## Platform prerequisites
 

docs/development/build-instructions-linux.md

@@ -1,6 +1,8 @@
 # Build Instructions (Linux)
 
-Follow the guidelines below for building Electron on Linux.
+Follow the guidelines below for building **Electron itself** on Linux, for the purposes of creating custom Electron binaries. For bundling and distributing your app code with the prebuilt Electron binaries, see the [application distribution][application-distribution] guide.
+
+[application-distribution]: ../tutorial/application-distribution.md
 
 ## Prerequisites
 

docs/development/build-instructions-macos.md

@@ -1,6 +1,8 @@
 # Build Instructions (macOS)
 
-Follow the guidelines below for building Electron on macOS.
+Follow the guidelines below for building **Electron itself** on macOS, for the purposes of creating custom Electron binaries. For bundling and distributing your app code with the prebuilt Electron binaries, see the [application distribution][application-distribution] guide.
+
+[application-distribution]: ../tutorial/application-distribution.md
 
 ## Prerequisites
 

docs/development/build-instructions-windows.md

@@ -1,6 +1,8 @@
 # Build Instructions (Windows)
 
-Follow the guidelines below for building Electron on Windows.
+Follow the guidelines below for building **Electron itself** on Windows, for the purposes of creating custom Electron binaries. For bundling and distributing your app code with the prebuilt Electron binaries, see the [application distribution][application-distribution] guide.
+
+[application-distribution]: ../tutorial/application-distribution.md
 
 ## Prerequisites
 

docs/development/issues.md

@@ -33,8 +33,7 @@ contributing, and more. Please use the issue tracker for bugs only!
 To submit a bug report:
 
 When opening a new issue in the [`electron/electron` issue tracker](https://github.com/electron/electron/issues/new/choose), users
-will be presented with [a template](https://github.com/electron/electron/blob/master/.github/ISSUE_TEMPLATE/Bug_report.md)
-that should be filled in.
+will be presented with a template that should be filled in.
 
 If you believe that you have found a bug in Electron, please fill out the template
 to the best of your ability.

docs/development/source-code-directory-structure.md

@@ -100,7 +100,5 @@ script/ - The set of all scripts Electron runs for a variety of purposes.
     └── uploaders/ - Uploads various release-related files during release.
 ```
 
-* **tools** - Helper scripts used by GN files.
-  * Scripts put here should never be invoked by users directly, unlike those in `script`.
 * **typings** - TypeScript typings for Electron's internal code.
 * **vendor** - Source code for some third party dependencies.

docs/fiddles/quick-start/index.html

@@ -8,9 +8,9 @@
 <body>
     <h1>Hello World!</h1>
     <p>
-        We are using node <script>document.write(process.versions.node)</script>,
-        Chrome <script>document.write(process.versions.chrome)</script>,
-        and Electron <script>document.write(process.versions.electron)</script>.
+        We are using Node.js <span id="node-version"></span>,
+        Chromium <span id="chrome-version"></span>,
+        and Electron <span id="electron-version"></span>.
     </p>
 </body>
 </html>

docs/fiddles/quick-start/main.js

@@ -1,18 +1,27 @@
 const { app, BrowserWindow } = require('electron')
+const path = require('path')
 
 function createWindow () {
   const win = new BrowserWindow({
     width: 800,
     height: 600,
     webPreferences: {
-      nodeIntegration: true
+      preload: path.join(__dirname, 'preload.js')
     }
   })
 
   win.loadFile('index.html')
 }
 
-app.whenReady().then(createWindow)
+app.whenReady().then(() => {
+  createWindow()
+
+  app.on('activate', () => {
+    if (BrowserWindow.getAllWindows().length === 0) {
+      createWindow()
+    }
+  })
+})
 
 app.on('window-all-closed', () => {
   if (process.platform !== 'darwin') {
@@ -20,8 +29,3 @@ app.on('window-all-closed', () => {
   }
 })
 
-app.on('activate', () => {
-  if (BrowserWindow.getAllWindows().length === 0) {
-    createWindow()
-  }
-})

docs/fiddles/quick-start/preload.js

@@ -0,0 +1,11 @@
+window.addEventListener('DOMContentLoaded', () => {
+  const replaceText = (selector, text) => {
+    const element = document.getElementById(selector)
+    if (element) element.innerText = text
+  }
+
+  for (const type of ['chrome', 'node', 'electron']) {
+    replaceText(`${type}-version`, process.versions[type])
+  }
+})
+

docs/tutorial/installation.md

@@ -11,14 +11,19 @@ npm install electron --save-dev
 See the [Electron versioning doc][versioning] for info on how to
 manage Electron versions in your apps.
 
-## Global Installation
+## Running Electron ad-hoc
 
-You can also install the `electron` command globally in your `$PATH`:
+If you're in a pinch and would prefer to not use `npm install` in your local
+project, you can also run Electron ad-hoc using the [`npx`][npx] command runner
+bundled with `npm`:
 
 ```sh
-npm install electron -g
+npx electron .
 ```
 
+The above command will run the current working directory with Electron. Note that
+any dependencies in your app will not be installed.
+
 ## Customization
 
 If you want to change the architecture that is downloaded (e.g., `ia32` on an
@@ -178,6 +183,7 @@ If you need to force a re-download of the asset and the SHASUM file set the
 
 [npm]: https://docs.npmjs.com
 [versioning]: ./electron-versioning.md
+[npx]: https://docs.npmjs.com/cli/v7/commands/npx
 [releases]: https://github.com/electron/electron/releases
 [proxy-env-10]: https://github.com/gajus/global-agent/blob/v2.1.5/README.md#environment-variables
 [proxy-env]: https://github.com/np-maintain/global-tunnel/blob/v2.7.1/README.md#auto-config

docs/tutorial/quick-start.md

@@ -32,6 +32,7 @@ From a development perspective, an Electron application is essentially a Node.js
 my-electron-app/
 ├── package.json
 ├── main.js
+├── preload.js
 └── index.html
 ```
 
@@ -55,45 +56,49 @@ The main script may look as follows:
 
 ```javascript fiddle='docs/fiddles/quick-start'
 const { app, BrowserWindow } = require('electron')
+const path = require('path')
 
 function createWindow () {
   const win = new BrowserWindow({
     width: 800,
     height: 600,
     webPreferences: {
-      nodeIntegration: true
+      preload: path.join(__dirname, 'preload.js')
     }
   })
 
   win.loadFile('index.html')
 }
 
-app.whenReady().then(createWindow)
+app.whenReady().then(() => {
+  createWindow()
+
+  app.on('activate', () => {
+    if (BrowserWindow.getAllWindows().length === 0) {
+      createWindow()
+    }
+  })
+})
 
 app.on('window-all-closed', () => {
   if (process.platform !== 'darwin') {
     app.quit()
   }
 })
-
-app.on('activate', () => {
-  if (BrowserWindow.getAllWindows().length === 0) {
-    createWindow()
-  }
-})
 ```
 
 ##### What is going on above?
 
 1. Line 1: First, you import the `app` and `BrowserWindow` modules of the `electron` package to be able to manage your application's lifecycle events, as well as create and control browser windows.
-2. Line 3: After that, you define a function that creates a [new browser window](../api/browser-window.md#new-browserwindowoptions) with node integration enabled, loads `index.html` file into this window (line 12, we will discuss the file later).
-3. Line 15: You create a new browser window by invoking the `createWindow` function once the Electron application [is initialized](../api/app.md#appwhenready).
-4. Line 17: You add a new listener that tries to quit the application when it no longer has any open windows. This listener is a no-op on macOS due to the operating system's [window management behavior](https://support.apple.com/en-ca/guide/mac-help/mchlp2469/mac).
-5. Line 23: You add a new listener that creates a new browser window only if when the application has no visible windows after being activated. For example, after launching the application for the first time, or re-launching the already running application.
+2. Line 2: Second, you import the `path` package which provides utility functions for file paths.
+3. Line 4: After that, you define a function that creates a [new browser window](../api/browser-window.md#new-browserwindowoptions) with a preload script, loads `index.html` file into this window (line 13, we will discuss the file later).
+4. Line 16: You create a new browser window by invoking the `createWindow` function once the Electron application [is initialized](../api/app.md#appwhenready).
+5. Line 18: You add a new listener that creates a new browser window only if when the application has no visible windows after being activated. For example, after launching the application for the first time, or re-launching the already running application.
+6. Line 25: You add a new listener that tries to quit the application when it no longer has any open windows. This listener is a no-op on macOS due to the operating system's [window management behavior](https://support.apple.com/en-ca/guide/mac-help/mchlp2469/mac).
 
 #### Create a web page
 
-This is the web page you want to display once the application is initialized. This web page represents the Renderer process. You can create multiple browser windows, where each window uses its own independent Renderer. Each window can optionally be granted with full access to Node.js API through the `nodeIntegration` preference.
+This is the web page you want to display once the application is initialized. This web page represents the Renderer process. You can create multiple browser windows, where each window uses its own independent Renderer. You can optionally grant access to additional Node.js APIs by exposing them from your preload script.
 
 The `index.html` page looks as follows:
 
@@ -108,14 +113,38 @@ The `index.html` page looks as follows:
 <body style="background: white;">
     <h1>Hello World!</h1>
     <p>
-        We are using node <script>document.write(process.versions.node)</script>,
-        Chrome <script>document.write(process.versions.chrome)</script>,
-        and Electron <script>document.write(process.versions.electron)</script>.
+        We are using Node.js <span id="node-version"></span>,
+        Chromium <span id="chrome-version"></span>,
+        and Electron <span id="electron-version"></span>.
     </p>
 </body>
 </html>
 ```
 
+#### Define a preload script
+
+Your preload script (in our case, the `preload.js` file) acts as a bridge between Node.js and your web page. It allows you to expose specific APIs and behaviors to your web page rather than insecurely exposing the entire Node.js API. In this example we will use the preload script to read version information from the `process` object and update the web page with that info.
+
+```javascript fiddle='docs/fiddles/quick-start'
+window.addEventListener('DOMContentLoaded', () => {
+  const replaceText = (selector, text) => {
+    const element = document.getElementById(selector)
+    if (element) element.innerText = text
+  }
+
+  for (const type of ['chrome', 'node', 'electron']) {
+    replaceText(`${type}-version`, process.versions[type])
+  }
+})
+```
+
+##### What's going on above?
+
+1. On line 1: First you define an event listener that tells you when the web page has loaded
+2. On line 2: Second you define a utility function used to set the text of the placeholders in the `index.html`
+3. On line 7: Next you loop through the list of components whose version you want to display
+4. On line 8: Finally, you call `replaceText` to look up the version placeholders in `index.html` and set their text value to the values from `process.versions`
+
 #### Modify your package.json file
 
 Your Electron application uses the `package.json` file as the main entry point (as any other Node.js application). The main script of your application is `main.js`, so modify the `package.json` file accordingly:
@@ -167,7 +196,8 @@ The simplest and the fastest way to distribute your newly created app is using
 1. Import Electron Forge to your app folder:
 
     ```sh
-    npx @electron-forge/cli import
+    npm install --save-dev @electron-forge/cli
+    npx electron-forge import
 
     ✔ Checking your system
     ✔ Initializing Git Repository
@@ -282,7 +312,7 @@ ipcRenderer.invoke('perform-action', ...args)
 
 ##### Node.js API
 
-> NOTE: To access the Node.js API from the Renderer process, you need to set the `nodeIntegration` preference to `true`.
+> NOTE: To access the Node.js API from the Renderer process, you need to set the `nodeIntegration` preference to `true` and the `contextIsolation` preference to `false`.  Please note that access to the Node.js API in any renderer that loads remote content is not recommended for [security reasons](../tutorial/security.md#2-do-not-enable-nodejs-integration-for-remote-content).
 
 Electron exposes full access to Node.js API and its modules both in the Main and the Renderer processes. For example, you can read all the files from the root directory:
 

docs/tutorial/recent-documents.md

@@ -83,6 +83,22 @@ following code snippet to your menu template:
 }
 ```
 
+Make sure the application menu is added after the [`'ready'`](../api/app.md#event-ready)
+event and not before, or the menu item will be disabled:
+
+```javascript
+const { app, Menu } = require('electron')
+
+const template = [
+  // Menu template here
+]
+const menu = Menu.buildFromTemplate(template)
+
+app.whenReady().then(() => {
+  Menu.setApplicationMenu(menu)
+})
+```
+
 ![macOS Recent Documents menu item][menu-item-image]
 
 When a file is requested from the recent documents menu, the `open-file` event

docs/tutorial/repl.md

@@ -1,27 +1,23 @@
 # REPL
 
-Read-Eval-Print-Loop (REPL) is a simple, interactive computer programming
-environment that takes single user inputs (i.e. single expressions), evaluates
-them, and returns the result to the user.
+[Read-Eval-Print-Loop](https://en.wikipedia.org/wiki/Read%E2%80%93eval%E2%80%93print_loop) (REPL)
+is a simple, interactive computer programming environment that takes single user
+inputs (i.e. single expressions), evaluates them, and returns the result to the user.
 
-The `repl` module provides a REPL implementation that can be accessed using:
+## Main process
 
-* Assuming you have `electron` or `electron-prebuilt` installed as a local
-  project dependency:
+Electron exposes the [Node.js `repl` module](https://nodejs.org/dist/latest/docs/api/repl.html)
+through the `--interactive` CLI flag. Assuming you have `electron` installed as a local project
+dependency, you should be able to access the REPL with the following command:
 
   ```sh
   ./node_modules/.bin/electron --interactive
   ```
 
-* Assuming you have `electron` or `electron-prebuilt` installed globally:
+**Note:** `electron --interactive` is not available on Windows
+(see [electron/electron#5776](https://github.com/electron/electron/pull/5776) for more details).
 
-  ```sh
-  electron --interactive
-  ```
+## Renderer process
 
-This only creates a REPL for the main process. You can use the Console
-tab of the Dev Tools to get a REPL for the renderer processes.
-
-**Note:** `electron --interactive` is not available on Windows.
-
-More information can be found in the [Node.js REPL docs](https://nodejs.org/dist/latest/docs/api/repl.html).
+You can use the DevTools Console tab to get a REPL for any renderer process.
+To learn more, read [the Chrome documentation](https://developer.chrome.com/docs/devtools/console/).

docs/tutorial/sandbox.md

@@ -0,0 +1,169 @@
+# Process Sandboxing
+
+One key security feature in Chromium is that processes can be executed within a sandbox.
+The sandbox limits the harm that malicious code can cause by limiting access to most
+system resources — sandboxed processes can only freely use CPU cycles and memory.
+In order to perform operations requiring additional privilege, sandboxed processes
+use dedicated communication channels to delegate tasks to more privileged processes.
+
+In Chromium, sandboxing is applied to most processes other than the main process.
+This includes renderer processes, as well as utility processes such as the audio service,
+the GPU service and the network service.
+
+See Chromium's [Sandbox design document][sandbox] for more information.
+
+## Electron's sandboxing policies
+
+Electron comes with a mixed sandbox environment, meaning sandboxed processes can run
+alongside privileged ones. By default, renderer processes are not sandboxed, but
+utility processes are. Note that as in Chromium, the main (browser) process is
+privileged and cannot be sandboxed.
+
+Historically, this mixed sandbox approach was established because having Node.js available
+in the renderer is an extremely powerful tool for app developers. Unfortunately, this
+feature is also an equally massive security vulnerability.
+
+Theoretically, unsandboxed renderers are not a problem for desktop applications that
+only display trusted code, but they make Electron less secure than Chromium for
+displaying untrusted web content. However, even purportedly trusted code may be
+dangerous — there are countless attack vectors that malicious actors can use, from
+cross-site scripting to content injection to man-in-the-middle attacks on remotely loaded
+websites, just to name a few. For this reason, we recommend enabling renderer sandboxing
+for the vast majority of cases under an abundance of caution.
+
+<!--TODO: update this guide when #28466 is either solved or closed -->
+Note that there is an active discussion in the issue tracker to enable renderer sandboxing
+by default. See [#28466][issue-28466]) for details.
+
+## Sandbox behaviour in Electron
+
+Sandboxed processes in Electron behave _mostly_ in the same way as Chromium's do, but
+Electron has a few additional concepts to consider because it interfaces with Node.js.
+
+### Renderer processes
+
+When renderer processes in Electron are sandboxed, they behave in the same way as a
+regular Chrome renderer would. A sandboxed renderer won't have a Node.js
+environment initialized.
+
+<!-- TODO(erickzhao): when we have a solid guide for IPC, link it here -->
+Therefore, when the sandbox is enabled, renderer processes can only perform privileged
+tasks (such as interacting with the filesystem, making changes to the system, or spawning
+subprocesses) by delegating these tasks to the main process via inter-process
+communication (IPC).
+
+### Preload scripts
+
+In order to allow renderer processes to communicate with the main process, preload
+scripts attached to sandboxed renderers will still have a polyfilled subset of Node.js
+APIs available. A `require` function similar to Node's `require` module is exposed,
+but can only import a subset of Electron and Node's built-in modules:
+
+* `electron` (only renderer process modules)
+* [`events`](https://nodejs.org/api/events.html)
+* [`timers`](https://nodejs.org/api/timers.html)
+* [`url`](https://nodejs.org/api/url.html)
+
+In addition, the preload script also polyfills certain Node.js primitives as globals:
+
+* [`Buffer`](https://nodejs.org/api/Buffer.html)
+* [`process`](../api/process.md)
+* [`clearImmediate`](https://nodejs.org/api/timers.html#timers_clearimmediate_immediate)
+* [`setImmediate`](https://nodejs.org/api/timers.html#timers_setimmediate_callback_args)
+
+Because the `require` function is a polyfill with limited functionality, you will not be
+able to use [CommonJS modules][commonjs] to separate your preload script into multiple
+files. If you need to split your preload code, use a bundler such as [webpack][webpack]
+or [Parcel][parcel].
+
+Note that because the environment presented to the `preload` script is substantially
+more privileged than that of a sandboxed renderer, it is still possible to leak
+privileged APIs to untrusted code running in the renderer process unless
+[`contextIsolation`][contextIsolation] is enabled.
+
+## Configuring the sandbox
+
+### Enabling the sandbox for a single process
+
+In Electron, renderer sandboxing can be enabled on a per-process basis with
+the `sandbox: true` preference in the [`BrowserWindow`][browser-window] constructor.
+
+```js
+// main.js
+app.whenReady().then(() => {
+  const win = new BrowserWindow({
+    webPreferences: {
+      sandbox: true
+    }
+  })
+  win.loadURL('https://google.com')
+})
+```
+
+### Enabling the sandbox globally
+
+If you want to force sandboxing for all renderers, you can also use the
+[`app.enableSandbox`][enable-sandbox] API. Note that this API has to be called before the
+app's `ready` event.
+
+```js
+// main.js
+app.enableSandbox()
+app.whenReady().then(() => {
+  // no need to pass `sandbox: true` since `app.enableSandbox()` was called.
+  const win = new BrowserWindow()
+  win.loadURL('https://google.com')
+})
+```
+
+### Disabling Chromium's sandbox (testing only)
+
+You can also disable Chromium's sandbox entirely with the [`--no-sandbox`][no-sandbox]
+CLI flag, which will disable the sandbox for all processes (including utility processes).
+We highly recommend that you only use this flag for testing purposes, and **never**
+in production.
+
+Note that the `sandbox: true` option will still disable the renderer's Node.js
+environment.
+
+## A note on rendering untrusted content
+
+Rendering untrusted content in Electron is still somewhat uncharted territory,
+though some apps are finding success (e.g. [Beaker Browser][beaker]).
+Our goal is to get as close to Chrome as we can in terms of the security of
+sandboxed content, but ultimately we will always be behind due to a few fundamental
+issues:
+
+1. We do not have the dedicated resources or expertise that Chromium has to
+   apply to the security of its product. We do our best to make use of what we
+   have, to inherit everything we can from Chromium, and to respond quickly to
+   security issues, but Electron cannot be as secure as Chromium without the
+   resources that Chromium is able to dedicate.
+2. Some security features in Chrome (such as Safe Browsing and Certificate
+   Transparency) require a centralized authority and dedicated servers, both of
+   which run counter to the goals of the Electron project. As such, we disable
+   those features in Electron, at the cost of the associated security they
+   would otherwise bring.
+3. There is only one Chromium, whereas there are many thousands of apps built
+   on Electron, all of which behave slightly differently. Accounting for those
+   differences can yield a huge possibility space, and make it challenging to
+   ensure the security of the platform in unusual use cases.
+4. We can't push security updates to users directly, so we rely on app vendors
+   to upgrade the version of Electron underlying their app in order for
+   security updates to reach users.
+
+While we make our best effort to backport Chromium security fixes to older
+versions of Electron, we do not make a guarantee that every fix will be
+backported. Your best chance at staying secure is to be on the latest stable
+version of Electron.
+
+[sandbox]: https://chromium.googlesource.com/chromium/src/+/master/docs/design/sandbox.md
+[issue-28466]: https://github.com/electron/electron/issues/28466
+[browser-window]: ../api/browser-window.md
+[enable-sandbox]: ../api/app.md#appenablesandbox
+[no-sandbox]: ../api/command-line-switches.md#--no-sandbox
+[commonjs]: https://nodejs.org/api/modules.html#modules_modules_commonjs_modules
+[webpack]: https://webpack.js.org/
+[parcel]: https://parceljs.org/
+[context-isolation]: ./context-isolation.md
+[beaker]: https://github.com/beakerbrowser/beaker

docs/tutorial/security.md

@@ -44,7 +44,7 @@ Chromium shared library and Node.js. Vulnerabilities affecting these components
 may impact the security of your application. By updating Electron to the latest
 version, you ensure that critical vulnerabilities (such as *nodeIntegration bypasses*)
 are already patched and cannot be exploited in your application. For more information,
-see "[Use a current version of Electron](#17-use-a-current-version-of-electron)".
+see "[Use a current version of Electron](#15-use-a-current-version-of-electron)".
 
 * **Evaluate your dependencies.** While NPM provides half a million reusable packages,
 it is your responsibility to choose trusted 3rd-party libraries. If you use outdated
@@ -99,9 +99,7 @@ You should at least follow these steps to improve the security of your applicati
 12. [Disable or limit navigation](#12-disable-or-limit-navigation)
 13. [Disable or limit creation of new windows](#13-disable-or-limit-creation-of-new-windows)
 14. [Do not use `openExternal` with untrusted content](#14-do-not-use-openexternal-with-untrusted-content)
-15. [Disable the `remote` module](#15-disable-the-remote-module)
-16. [Filter the `remote` module](#16-filter-the-remote-module)
-17. [Use a current version of Electron](#17-use-a-current-version-of-electron)
+15. [Use a current version of Electron](#15-use-a-current-version-of-electron)
 
 To automate the detection of misconfigurations and insecure patterns, it is
 possible to use
@@ -665,134 +663,7 @@ const { shell } = require('electron')
 shell.openExternal('https://example.com/index.html')
 ```
 
-## 15) Disable the `remote` module
-
-The `remote` module provides a way for the renderer processes to
-access APIs normally only available in the main process. Using it, a
-renderer can invoke methods of a main process object without explicitly sending
-inter-process messages. If your desktop application does not run untrusted
-content, this can be a useful way to have your renderer processes access and
-work with modules that are only available to the main process, such as
-GUI-related modules (dialogs, menus, etc.).
-
-However, if your app can run untrusted content and even if you
-[sandbox][sandbox] your renderer processes accordingly, the `remote` module
-makes it easy for malicious code to escape the sandbox and have access to
-system resources via the higher privileges of the main process. Therefore,
-it should be disabled in such circumstances.
-
-### Why?
-
-`remote` uses an internal IPC channel to communicate with the main process.
-"Prototype pollution" attacks can grant malicious code access to the internal
-IPC channel, which can then be used to escape the sandbox by mimicking `remote`
-IPC messages and getting access to main process modules running with higher
-privileges.
-
-Additionally, it's possible for preload scripts to accidentally leak modules to a
-sandboxed renderer. Leaking `remote` arms malicious code with a multitude
-of main process modules with which to perform an attack.
-
-Disabling the `remote` module eliminates these attack vectors. Enabling
-context isolation also prevents the "prototype pollution" attacks from
-succeeding.
-
-### How?
-
-```js
-// Bad if the renderer can run untrusted content
-const mainWindow = new BrowserWindow({
-  webPreferences: {
-    enableRemoteModule: true
-  }
-})
-```
-
-```js
-// Good
-const mainWindow = new BrowserWindow({
-  webPreferences: {
-    enableRemoteModule: false
-  }
-})
-```
-
-```html
-<!-- Bad if the renderer can run untrusted content  -->
-<webview enableremotemodule="true" src="page.html"></webview>
-
-<!-- Good -->
-<webview enableremotemodule="false" src="page.html"></webview>
-```
-
-> **Note:** The default value of `enableRemoteModule` is `false` starting
-> from Electron 10. For prior versions, you need to explicitly disable
-> the `remote` module by the means above.
-
-## 16) Filter the `remote` module
-
-If you cannot disable the `remote` module, you should filter the globals,
-Node, and Electron modules (so-called built-ins) accessible via `remote`
-that your application does not require. This can be done by blocking
-certain modules entirely and by replacing others with proxies that
-expose only the functionality that your app needs.
-
-### Why?
-
-Due to the system access privileges of the main process, functionality
-provided by the main process modules may be dangerous in the hands of
-malicious code running in a compromised renderer process. By limiting
-the set of accessible modules to the minimum that your app needs and
-filtering out the others, you reduce the toolset that malicious code
-can use to attack the system.
-
-Note that the safest option is to
-[fully disable the remote module](#15-disable-the-remote-module). If
-you choose to filter access rather than completely disable the module,
-you must be very careful to ensure that no escalation of privilege is
-possible through the modules you allow past the filter.
-
-### How?
-
-```js
-const readOnlyFsProxy = require(/* ... */) // exposes only file read functionality
-
-const allowedModules = new Set(['crypto'])
-const proxiedModules = new Map([['fs', readOnlyFsProxy]])
-const allowedElectronModules = new Set(['shell'])
-const allowedGlobals = new Set()
-
-app.on('remote-require', (event, webContents, moduleName) => {
-  if (proxiedModules.has(moduleName)) {
-    event.returnValue = proxiedModules.get(moduleName)
-  }
-  if (!allowedModules.has(moduleName)) {
-    event.preventDefault()
-  }
-})
-
-app.on('remote-get-builtin', (event, webContents, moduleName) => {
-  if (!allowedElectronModules.has(moduleName)) {
-    event.preventDefault()
-  }
-})
-
-app.on('remote-get-global', (event, webContents, globalName) => {
-  if (!allowedGlobals.has(globalName)) {
-    event.preventDefault()
-  }
-})
-
-app.on('remote-get-current-window', (event, webContents) => {
-  event.preventDefault()
-})
-
-app.on('remote-get-current-web-contents', (event, webContents) => {
-  event.preventDefault()
-})
-```
-
-## 17) Use a current version of Electron
+## 15) Use a current version of Electron
 
 You should strive for always using the latest available version of Electron.
 Whenever a new major version is released, you should attempt to update your
@@ -821,5 +692,5 @@ which potential security issues are not as widely known.
 [window-open-handler]: ../api/web-contents.md#contentssetwindowopenhandlerhandler
 [will-navigate]: ../api/web-contents.md#event-will-navigate
 [open-external]: ../api/shell.md#shellopenexternalurl-options
-[sandbox]: ../api/sandbox-option.md
+[sandbox]: ../tutorial/sandbox.md
 [responsible-disclosure]: https://en.wikipedia.org/wiki/Responsible_disclosure

docs/tutorial/support.md

@@ -94,7 +94,7 @@ Following platforms are supported by Electron:
 ### macOS
 
 Only 64bit binaries are provided for macOS, and the minimum macOS version
-supported is macOS 10.10 (Yosemite).
+supported is macOS 10.11 (El Capitan).
 
 Native support for Apple Silicon (`arm64`) devices was added in Electron 11.0.0.
 

docs/tutorial/using-selenium-and-webdriver.md

@@ -86,12 +86,12 @@ const driver = new webdriver.Builder()
   // The "9515" is the port opened by chrome driver.
   .usingServer('http://localhost:9515')
   .withCapabilities({
-    chromeOptions: {
+    'goog:chromeOptions': {
       // Here is the path to your Electron binary.
       binary: '/Path-to-Your-App.app/Contents/MacOS/Electron'
     }
   })
-  .forBrowser('electron')
+  .forBrowser('chrome') // note: use .forBrowser('electron') for selenium-webdriver <= 3.6.0
   .build()
 
 driver.get('http://www.google.com')

electron_paks.gni

@@ -73,7 +73,7 @@ template("electron_extra_paks") {
       "//components/resources",
       "//content:content_resources",
       "//content:dev_ui_content_resources",
-      "//content/browser/resources/media:media_internals_resources",
+      "//content/browser/resources/media:resources",
       "//content/browser/tracing:resources",
       "//content/browser/webrtc/resources",
       "//electron:resources",

electron_strings.grdp

@@ -51,6 +51,21 @@
   <message name="IDS_PICTURE_IN_PICTURE_SKIP_AD_CONTROL_TEXT" desc="Text label of the skip ad control button. The button appears when the user hovers over the Picture-in-Picture window.">
     Skip Ad
   </message>
+  <message name="IDS_PICTURE_IN_PICTURE_MUTE_MICROPHONE_TEXT" desc="Text label of the mute microphone control button. The button appears when the user hovers over the Picture-in-Picture window.">
+    Mute microphone
+  </message>
+  <message name="IDS_PICTURE_IN_PICTURE_UNMUTE_MICROPHONE_TEXT" desc="Text label of the unmute microphone control button. The button appears when the user hovers over the Picture-in-Picture window.">
+    Unmute microphone
+  </message>
+  <message name="IDS_PICTURE_IN_PICTURE_TURN_ON_CAMERA_TEXT" desc="Text label of the turn on camera control button. The button appears when the user hovers over the Picture-in-Picture window.">
+    Turn on camera
+  </message>
+  <message name="IDS_PICTURE_IN_PICTURE_TURN_OFF_CAMERA_TEXT" desc="Text label of the turn off camera control button. The button appears when the user hovers over the Picture-in-Picture window.">
+    Turn off camera
+  </message>
+  <message name="IDS_PICTURE_IN_PICTURE_HANG_UP_TEXT" desc="Text label of the hang up control button. The button appears when the user hovers over the Picture-in-Picture window.">
+    Hang up
+  </message>
   <message name="IDS_PICTURE_IN_PICTURE_CLOSE_CONTROL_TEXT" desc="Text label of the close control button. The button appears when the user hovers over the Picture-in-Picture window.">
     Close
   </message>

filenames.auto.gni

@@ -29,7 +29,6 @@ auto_filenames = {
     "docs/api/incoming-message.md",
     "docs/api/ipc-main.md",
     "docs/api/ipc-renderer.md",
-    "docs/api/locales.md",
     "docs/api/menu-item.md",
     "docs/api/menu.md",
     "docs/api/message-channel-main.md",
@@ -44,7 +43,6 @@ auto_filenames = {
     "docs/api/process.md",
     "docs/api/protocol.md",
     "docs/api/remote.md",
-    "docs/api/sandbox-option.md",
     "docs/api/screen.md",
     "docs/api/service-workers.md",
     "docs/api/session.md",

filenames.gni

@@ -404,6 +404,8 @@ filenames = {
     "shell/browser/native_window_observer.h",
     "shell/browser/net/asar/asar_url_loader.cc",
     "shell/browser/net/asar/asar_url_loader.h",
+    "shell/browser/net/asar/asar_url_loader_factory.cc",
+    "shell/browser/net/asar/asar_url_loader_factory.h",
     "shell/browser/net/cert_verifier_client.cc",
     "shell/browser/net/cert_verifier_client.h",
     "shell/browser/net/electron_url_loader_factory.cc",

lib/asar/fs-wrapper.ts

@@ -532,15 +532,17 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
       return fs.readFile(realPath, options, callback);
     }
 
+    const buffer = Buffer.alloc(info.size);
+    const fd = archive.getFd();
+    if (!(fd >= 0)) {
+      const error = createError(AsarError.NOT_FOUND, { asarPath, filePath });
+      nextTick(callback, [error]);
+      return;
+    }
+
     logASARAccess(asarPath, filePath, info.offset);
-    archive.read(info.offset, info.size).then((buf) => {
-      const buffer = Buffer.from(buf);
-      callback(null, encoding ? buffer.toString(encoding) : buffer);
-    }, (err) => {
-      const error: AsarErrorObject = new Error(`EINVAL, ${err.message} while reading ${filePath} in ${asarPath}`);
-      error.code = 'EINVAL';
-      error.errno = -22;
-      callback(error);
+    fs.read(fd, buffer, 0, info.size, info.offset, (error: Error) => {
+      callback(error, encoding ? buffer.toString(encoding) : buffer);
     });
   };
 
@@ -573,19 +575,13 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
     }
 
     const { encoding } = options;
+    const buffer = Buffer.alloc(info.size);
+    const fd = archive.getFd();
+    if (!(fd >= 0)) throw createError(AsarError.NOT_FOUND, { asarPath, filePath });
 
     logASARAccess(asarPath, filePath, info.offset);
-    let arrayBuffer: ArrayBuffer;
-    try {
-      arrayBuffer = archive.readSync(info.offset, info.size);
-    } catch (err) {
-      const error: AsarErrorObject = new Error(`EINVAL, ${err.message} while reading ${filePath} in ${asarPath}`);
-      error.code = 'EINVAL';
-      error.errno = -22;
-      throw error;
-    }
-    const buffer = Buffer.from(arrayBuffer);
-    return encoding ? buffer.toString(encoding) : buffer;
+    fs.readSync(fd, buffer, 0, info.size, info.offset);
+    return (encoding) ? buffer.toString(encoding) : buffer;
   };
 
   const { readdir } = fs;
@@ -697,17 +693,12 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
       return [str, str.length > 0];
     }
 
+    const buffer = Buffer.alloc(info.size);
+    const fd = archive.getFd();
+    if (!(fd >= 0)) return [];
+
     logASARAccess(asarPath, filePath, info.offset);
-    let arrayBuffer: ArrayBuffer;
-    try {
-      arrayBuffer = archive.readSync(info.offset, info.size);
-    } catch (err) {
-      const error: AsarErrorObject = new Error(`EINVAL, ${err.message} while reading ${filePath} in ${asarPath}`);
-      error.code = 'EINVAL';
-      error.errno = -22;
-      throw error;
-    }
-    const buffer = Buffer.from(arrayBuffer);
+    fs.readSync(fd, buffer, 0, info.size, info.offset);
     const str = buffer.toString('utf8');
     return [str, str.length > 0];
   };

lib/browser/api/app.ts

@@ -63,6 +63,9 @@ Object.defineProperty(app, 'applicationMenu', {
   return execFile !== 'electron';
 })();
 
+// The native implementation is not provided on non-windows platforms
+app.setAppUserModelId = app.setAppUserModelId || (() => {});
+
 app._setDefaultAppPaths = (packagePath) => {
   // Set the user path according to application's name.
   app.setPath('userData', path.join(app.getPath('appData'), app.name!));

lib/browser/api/crash-reporter.ts

@@ -10,13 +10,13 @@ class CrashReporter {
       extra = {},
       globalExtra = {},
       ignoreSystemCrashHandler = false,
-      submitURL,
+      submitURL = '',
       uploadToServer = true,
       rateLimit = false,
       compress = true
     } = options || {};
 
-    if (submitURL == null) throw new Error('submitURL is a required option to crashReporter.start');
+    if (uploadToServer && !submitURL) throw new Error('submitURL must be specified when uploadToServer is true');
 
     if (!compress) {
       deprecate.log('Sending uncompressed crash reports is deprecated and will be removed in a future version of Electron. Set { compress: true } to opt-in to the new behavior. Crash reports will be uploaded gzipped, which most crash reporting servers support.');

lib/browser/api/dialog.ts

@@ -2,10 +2,10 @@ import { app, BrowserWindow } from 'electron/main';
 import type { OpenDialogOptions, OpenDialogReturnValue, MessageBoxOptions, SaveDialogOptions, SaveDialogReturnValue, MessageBoxReturnValue, CertificateTrustDialogOptions } from 'electron/main';
 const dialogBinding = process._linkedBinding('electron_browser_dialog');
 
-const DialogType = {
-  OPEN: 'OPEN' as 'OPEN',
-  SAVE: 'SAVE' as 'SAVE'
-};
+enum DialogType {
+  OPEN = 'OPEN',
+  SAVE = 'SAVE'
+}
 
 enum SaveFileDialogProperties {
   createDirectory = 1 << 0,
@@ -72,7 +72,7 @@ const setupSaveDialogProperties = (properties: (keyof typeof SaveFileDialogPrope
   return dialogProperties;
 };
 
-const setupDialogProperties = (type: keyof typeof DialogType, properties: string[]): number => {
+const setupDialogProperties = (type: DialogType, properties: string[]): number => {
   if (type === DialogType.OPEN) {
     return setupOpenDialogProperties(properties as (keyof typeof OpenFileDialogProperties)[]);
   } else if (type === DialogType.SAVE) {

lib/browser/api/menu.ts

@@ -177,7 +177,7 @@ Menu.setApplicationMenu = function (menu: MenuType) {
     bindings.setApplicationMenu(menu);
   } else {
     const windows = BaseWindow.getAllWindows();
-    return windows.map(w => w.setMenu(menu));
+    windows.map(w => w.setMenu(menu));
   }
 };
 

lib/browser/api/net.ts

@@ -188,6 +188,11 @@ class ChunkedBodyStream extends Writable {
     this._downstream = pipe;
     if (this._pendingChunk) {
       const doneWriting = (maybeError: Error | void) => {
+        // If the underlying request has been aborted, we honeslty don't care about the error
+        // all work should cease as soon as we abort anyway, this error is probably a
+        // "mojo pipe disconnected" error (code=9)
+        if (this._clientRequest._aborted) return;
+
         const cb = this._pendingCallback!;
         delete this._pendingCallback;
         delete this._pendingChunk;

lib/browser/api/web-contents.ts

@@ -1,5 +1,5 @@
 import { app, ipcMain, session, deprecate, webFrameMain } from 'electron/main';
-import type { BrowserWindowConstructorOptions, MenuItem, MenuItemConstructorOptions, LoadURLOptions } from 'electron/main';
+import type { BrowserWindowConstructorOptions, LoadURLOptions } from 'electron/main';
 
 import * as url from 'url';
 import * as path from 'path';
@@ -61,7 +61,7 @@ const PDFPageSizes: Record<string, ElectronInternal.MediaSize> = {
     width_microns: 279400,
     custom_display_name: 'Tabloid'
   }
-};
+} as const;
 
 // The minimum micron size Chromium accepts is that where:
 // Per printing/units.h:
@@ -94,6 +94,7 @@ const defaultPrintingSetting = {
   pagesPerSheet: 1,
   isFirstRequest: false,
   previewUIID: 0,
+  // True, if the document source is modifiable. e.g. HTML and not PDF.
   previewModifiable: true,
   printToPDF: true,
   deviceName: 'Save as PDF',
@@ -109,7 +110,7 @@ const defaultPrintingSetting = {
   printerType: 2,
   title: undefined as string | undefined,
   url: undefined as string | undefined
-};
+} as const;
 
 // JavaScript implementations of WebContents.
 const binding = process._linkedBinding('electron_browser_web_contents');
@@ -191,7 +192,7 @@ WebContents.prototype.executeJavaScriptInIsolatedWorld = async function (worldId
 
 let pendingPromise: Promise<any> | undefined;
 WebContents.prototype.printToPDF = async function (options) {
-  const printSettings = {
+  const printSettings: Record<string, any> = {
     ...defaultPrintingSetting,
     requestID: getNextId()
   };
@@ -432,7 +433,11 @@ WebContents.prototype._callWindowOpenHandler = function (event: Electron.Event,
     event.preventDefault();
     return null;
   } else if (response.action === 'allow') {
-    if (typeof response.overrideBrowserWindowOptions === 'object' && response.overrideBrowserWindowOptions !== null) { return response.overrideBrowserWindowOptions; } else { return {}; }
+    if (typeof response.overrideBrowserWindowOptions === 'object' && response.overrideBrowserWindowOptions !== null) {
+      return response.overrideBrowserWindowOptions;
+    } else {
+      return {};
+    }
   } else {
     event.preventDefault();
     console.error('The window open handler response must be an object with an \'action\' property of \'allow\' or \'deny\'.');
@@ -546,18 +551,6 @@ WebContents.prototype._init = function () {
     ipcMain.emit(channel, event, message);
   });
 
-  // Handle context menu action request from pepper plugin.
-  this.on('pepper-context-menu' as any, function (event: ElectronInternal.Event, params: {x: number, y: number, menu: Array<(MenuItemConstructorOptions) | (MenuItem)>}, callback: () => void) {
-    // Access Menu via electron.Menu to prevent circular require.
-    const menu = require('electron').Menu.buildFromTemplate(params.menu);
-    menu.popup({
-      window: event.sender.getOwnerBrowserWindow(),
-      x: params.x,
-      y: params.y,
-      callback
-    });
-  });
-
   this.on('crashed', (event, ...args) => {
     app.emit('renderer-process-crashed', event, this, ...args);
   });
@@ -580,19 +573,22 @@ WebContents.prototype._init = function () {
     // Make new windows requested by links behave like "window.open".
     this.on('-new-window' as any, (event: ElectronInternal.Event, url: string, frameName: string, disposition: string,
       rawFeatures: string, referrer: Electron.Referrer, postData: PostData) => {
-      openGuestWindow({
-        event,
-        embedder: event.sender,
-        disposition,
-        referrer,
-        postData,
-        overrideBrowserWindowOptions: {},
-        windowOpenArgs: {
-          url,
-          frameName,
-          features: rawFeatures
-        }
-      });
+      const options = this._callWindowOpenHandler(event, url, frameName, rawFeatures);
+      if (!event.defaultPrevented) {
+        openGuestWindow({
+          event,
+          embedder: event.sender,
+          disposition,
+          referrer,
+          postData,
+          overrideBrowserWindowOptions: options || {},
+          windowOpenArgs: {
+            url,
+            frameName,
+            features: rawFeatures
+          }
+        });
+      }
     });
 
     let windowOpenOverriddenOptions: BrowserWindowConstructorOptions | null = null;
@@ -604,6 +600,7 @@ WebContents.prototype._init = function () {
           // it's technically a BrowserWindowConstructorOptions option because
           // we need to access it in the renderer at init time.
           backgroundColor: windowOpenOverriddenOptions.backgroundColor,
+          transparent: windowOpenOverriddenOptions.transparent,
           ...windowOpenOverriddenOptions.webPreferences
         } : undefined;
         this._setNextChildWebPreferences(

lib/browser/default-menu.ts

@@ -27,7 +27,7 @@ export const setDefaultApplicationMenu = () => {
       {
         label: 'Community Discussions',
         click: async () => {
-          await shell.openExternal('https://discuss.atom.io/c/electron');
+          await shell.openExternal('https://discord.gg/electron');
         }
       },
       {

lib/browser/guest-window-manager.ts

@@ -42,7 +42,6 @@ export function openGuestWindow ({ event, embedder, guest, referrer, disposition
   windowOpenArgs: WindowOpenArgs,
 }): BrowserWindow | undefined {
   const { url, frameName, features } = windowOpenArgs;
-  const isNativeWindowOpen = !!guest;
   const { options: browserWindowOptions, additionalFeatures } = makeBrowserWindowOptions({
     embedder,
     features,
@@ -57,6 +56,7 @@ export function openGuestWindow ({ event, embedder, guest, referrer, disposition
     windowOpenArgs,
     additionalFeatures,
     disposition,
+    postData,
     referrer
   });
   if (didCancelEvent) return;
@@ -74,11 +74,14 @@ export function openGuestWindow ({ event, embedder, guest, referrer, disposition
     webContents: guest,
     ...browserWindowOptions
   });
-  if (!isNativeWindowOpen) {
+  if (!guest) {
     // We should only call `loadURL` if the webContents was constructed by us in
     // the case of BrowserWindowProxy (non-sandboxed, nativeWindowOpen: false),
     // as navigating to the url when creating the window from an existing
     // webContents is not necessary (it will navigate there anyway).
+    // This can also happen if we enter this function from OpenURLFromTab, in
+    // which case the browser process is responsible for initiating navigation
+    // in the new window.
     window.loadURL(url, {
       httpReferrer: referrer,
       ...(postData && {
@@ -146,7 +149,7 @@ function emitDeprecatedNewWindowEvent ({ event, embedder, guest, windowOpenArgs,
   const isWebViewWithPopupsDisabled = embedder.getType() === 'webview' && embedder.getLastWebPreferences().disablePopups;
   const postBody = postData ? {
     data: postData,
-    headers: formatPostDataHeaders(postData as Electron.UploadRawData[])
+    ...parseContentTypeFormat(postData)
   } : null;
 
   embedder.emit(
@@ -276,22 +279,40 @@ function getDeprecatedInheritedOptions (embedder: WebContents) {
   return inheritableOptions;
 }
 
-function formatPostDataHeaders (postData: Electron.UploadRawData[]) {
+function formatPostDataHeaders (postData: PostData) {
   if (!postData) return;
 
-  let extraHeaders = 'content-type: application/x-www-form-urlencoded';
+  const { contentType, boundary } = parseContentTypeFormat(postData);
+  if (boundary != null) { return `content-type: ${contentType}; boundary=${boundary}`; }
 
-  if (postData.length > 0) {
-    const postDataFront = postData[0].bytes.toString();
-    const boundary = /^--.*[^-\r\n]/.exec(
-      postDataFront
-    );
-    if (boundary != null) {
-      extraHeaders = `content-type: multipart/form-data; boundary=${boundary[0].substr(
-        2
-      )}`;
+  return `content-type: ${contentType}`;
+}
+
+const MULTIPART_CONTENT_TYPE = 'multipart/form-data';
+const URL_ENCODED_CONTENT_TYPE = 'application/x-www-form-urlencoded';
+
+// Figure out appropriate headers for post data.
+const parseContentTypeFormat = function (postData: Exclude<PostData, undefined>) {
+  if (postData.length) {
+    if (postData[0].type === 'rawData') {
+      // For multipart forms, the first element will start with the boundary
+      // notice, which looks something like `------WebKitFormBoundary12345678`
+      // Note, this regex would fail when submitting a urlencoded form with an
+      // input attribute of name="--theKey", but, uhh, don't do that?
+      const postDataFront = postData[0].bytes.toString();
+      const boundary = /^--.*[^-\r\n]/.exec(postDataFront);
+      if (boundary) {
+        return {
+          boundary: boundary[0].substr(2),
+          contentType: MULTIPART_CONTENT_TYPE
+        };
+      }
     }
   }
-
-  return extraHeaders;
-}
+  // Either the form submission didn't contain any inputs (the postData array
+  // was empty), or we couldn't find the boundary and thus we can assume this is
+  // a key=value style form.
+  return {
+    contentType: URL_ENCODED_CONTENT_TYPE
+  };
+};

lib/common/parse-features-string.ts

@@ -62,7 +62,7 @@ export function parseCommaSeparatedKeyValue (source: string, useSoonToBeDeprecat
   for (const keyValuePair of source.split(',')) {
     const [key, value] = keyValuePair.split('=').map(str => str.trim());
     if (useSoonToBeDeprecatedBehaviorForBareKeys && value === undefined) {
-      bareKeys.push(key);
+      if (key) { bareKeys.push(key); }
       continue;
     }
     parsed[key] = coerce(key, value);

lib/common/web-view-events.ts

@@ -1,4 +1,4 @@
-export const webViewEvents: Record<string, string[]> = {
+export const webViewEvents: Record<string, readonly string[]> = {
   'load-commit': ['url', 'isMainFrame'],
   'did-attach': [],
   'did-finish-load': [],
@@ -33,4 +33,4 @@ export const webViewEvents: Record<string, string[]> = {
   'found-in-page': ['result'],
   'did-change-theme-color': ['themeColor'],
   'update-target-url': ['url']
-};
+} as const;

lib/renderer/init.ts

@@ -39,6 +39,10 @@ require('@electron/internal/common/init');
 // The global variable will be used by ipc for event dispatching
 const v8Util = process._linkedBinding('electron_common_v8_util');
 
+// Expose process.contextId
+const contextId = v8Util.getHiddenValue<string>(global, 'contextId');
+Object.defineProperty(process, 'contextId', { enumerable: true, value: contextId });
+
 const { ipcRendererInternal } = require('@electron/internal/renderer/ipc-renderer-internal');
 const ipcRenderer = require('@electron/internal/renderer/api/ipc-renderer').default;
 

lib/renderer/web-view/guest-view-internal.ts

@@ -8,7 +8,7 @@ import { IPC_MESSAGES } from '@electron/internal/common/ipc-messages';
 
 const DEPRECATED_EVENTS: Record<string, string> = {
   'page-title-updated': 'page-title-set'
-};
+} as const;
 
 const dispatchEvent = function (
   webView: WebViewImpl, eventName: string, eventKey: string, ...args: Array<any>

lib/renderer/web-view/web-view-impl.ts

@@ -162,7 +162,7 @@ export class WebViewImpl {
 
   // Emits focus/blur events.
   onFocusChange () {
-    const hasFocus = document.activeElement === this.webviewNode;
+    const hasFocus = this.webviewNode.ownerDocument.activeElement === this.webviewNode;
     if (hasFocus !== this.hasFocus) {
       this.hasFocus = hasFocus;
       this.dispatchEvent(hasFocus ? 'focus' : 'blur');

lib/sandboxed_renderer/init.ts

@@ -89,6 +89,10 @@ Object.defineProperty(preloadProcess, 'noDeprecation', {
   }
 });
 
+// Expose process.contextId
+const contextId = v8Util.getHiddenValue<string>(global, 'contextId');
+Object.defineProperty(preloadProcess, 'contextId', { enumerable: true, value: contextId });
+
 process.on('loaded', () => (preloadProcess as events.EventEmitter).emit('loaded'));
 process.on('exit', () => (preloadProcess as events.EventEmitter).emit('exit'));
 (process as events.EventEmitter).on('document-start', () => (preloadProcess as events.EventEmitter).emit('document-start'));

package.json

@@ -1,6 +1,6 @@
 {
   "name": "electron",
-  "version": "13.0.0-nightly.20210303",
+  "version": "13.0.0-beta.27",
   "repository": "https://github.com/electron/electron",
   "description": "Build cross platform desktop apps with JavaScript, HTML, and CSS",
   "devDependencies": {
@@ -64,7 +64,6 @@
     "shx": "^0.3.2",
     "standard-markdown": "^6.0.0",
     "stream-json": "^1.7.1",
-    "sumchecker": "^2.0.2",
     "tap-xunit": "^2.4.1",
     "temp": "^0.8.3",
     "timers-browserify": "1.4.2",

patches/boringssl/expose_aes-cfb.patch

@@ -57,7 +57,7 @@ index 53cb9d2dc8f1962a70dc12b648d27c32be8aca4b..84af06fc56e4aa72d4d48801d7c037ad
    callback(EVP_aes_192_ctr(), "aes-192-ctr", NULL, arg);
    callback(EVP_aes_256_ctr(), "aes-256-ctr", NULL, arg);
 diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h
-index c6bec489b51ca2e71b7f81e64a8e59b534e2e91a..512a9003164e65bd4ab896ef75b173dab3a8d1db 100644
+index badd496293fb9748adacff10478ea702d1155c5f..8565934bac9a810281b04946cb9f38d7623320f7 100644
 --- a/include/openssl/cipher.h
 +++ b/include/openssl/cipher.h
 @@ -430,6 +430,7 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede3_ecb(void);

patches/boringssl/expose_ripemd160.patch

@@ -10,10 +10,10 @@ this patch is required to provide ripemd160 support in the nodejs crypto
 module.
 
 diff --git a/crypto/digest_extra/digest_extra.c b/crypto/digest_extra/digest_extra.c
-index 4b4bb38135e6089eaf6f47afda0199567a2397ef..43b7eca808b82a032055f56ce726ce4f38c5f2c5 100644
+index 311c5cba0e359a20b34ba6c7ee84c34b6068049f..c4638d40aab0a4b9612216d68cd7fb50823a0ae6 100644
 --- a/crypto/digest_extra/digest_extra.c
 +++ b/crypto/digest_extra/digest_extra.c
-@@ -81,6 +81,7 @@ static const struct nid_to_digest nid_to_digest_mapping[] = {
+@@ -83,6 +83,7 @@ static const struct nid_to_digest nid_to_digest_mapping[] = {
      {NID_sha384, EVP_sha384, SN_sha384, LN_sha384},
      {NID_sha512, EVP_sha512, SN_sha512, LN_sha512},
      {NID_md5_sha1, EVP_md5_sha1, SN_md5_sha1, LN_md5_sha1},
@@ -80,10 +80,10 @@ index d540144b293297791c087e0b968a47d368a73695..53cb9d2dc8f1962a70dc12b648d27c32
 +  callback(EVP_ripemd160(), "ripemd160", NULL, arg);
  }
 diff --git a/include/openssl/digest.h b/include/openssl/digest.h
-index 8e398e8b87f199cf947e097cf99e175bfc9870da..6c0ce559681817cae3273a50e6533468f17177ee 100644
+index 66f1b5dcfd8232a697145acb2b6c2efe890d543f..67fc522172dc3ab56787fa5db3c277fd4811474a 100644
 --- a/include/openssl/digest.h
 +++ b/include/openssl/digest.h
-@@ -89,6 +89,9 @@ OPENSSL_EXPORT const EVP_MD *EVP_sha512_256(void);
+@@ -90,6 +90,9 @@ OPENSSL_EXPORT const EVP_MD *EVP_blake2b256(void);
  // MD5 and SHA-1, as used in TLS 1.1 and below.
  OPENSSL_EXPORT const EVP_MD *EVP_md5_sha1(void);
  

patches/chromium/.patches

@@ -41,7 +41,6 @@ proxy_config_monitor.patch
 gritsettings_resource_ids.patch
 isolate_holder.patch
 notification_provenance.patch
-content_browser_main_loop.patch
 dump_syms.patch
 command-ismediakey.patch
 printing.patch
@@ -50,7 +49,6 @@ fix_disable_usage_of_abort_report_np_in_mas_builds.patch
 fix_disable_usage_of_pthread_fchdir_np_and_pthread_chdir_np_in_mas.patch
 fix_disable_usage_of_setapplicationisdaemon_and.patch
 unsandboxed_ppapi_processes_skip_zygote.patch
-patch_the_ensure_gn_version_py_script_to_work_on_mac_ci.patch
 build_add_electron_tracing_category.patch
 worker_context_will_destroy.patch
 frame_host_manager.patch
@@ -100,10 +98,13 @@ fix_use_electron_generated_resources.patch
 chore_expose_v8_initialization_isolate_callbacks.patch
 export_gin_v8platform_pageallocator_for_usage_outside_of_the_gin.patch
 use_public_apis_to_determine_if_a_font_is_a_system_font_in_mas_build.patch
-fix_setparentacessibile_crash_win.patch
 fix_export_zlib_symbols.patch
 don_t_use_potentially_null_getwebframe_-_view_when_get_blink.patch
 web_contents.patch
-add_trustedauthclient_to_urlloaderfactory.patch
 fix_route_mouse_event_navigations_through_the_web_contents_delegate.patch
 disable_unload_metrics.patch
+fix_add_check_for_sandbox_then_result.patch
+moves_background_color_setter_of_webview_to_blinks_webprefs_logic.patch
+fix_expose_decrementcapturercount_in_web_contents_impl.patch
+add_setter_for_browsermainloop_result_code.patch
+cherry-pick-8089dbfc616f.patch

patches/chromium/accelerator.patch

@@ -10,28 +10,28 @@ This patch makes three changes to Accelerator::GetShortcutText to improve shortc
 3. Ctrl-Shift-= should show as Ctrl-+
 
 diff --git a/ui/base/accelerators/accelerator.cc b/ui/base/accelerators/accelerator.cc
-index 17e1739c12ee38864e735130792321adadb43f08..7b0bfec6f18e883eb7ad7e3bfe564163592f584e 100644
+index c44f3d3752025bd3f11db790a97a48e8ba856034..8e0c1446315823a391614b19aa2c4ba2e5faed0d 100644
 --- a/ui/base/accelerators/accelerator.cc
 +++ b/ui/base/accelerators/accelerator.cc
-@@ -12,6 +12,7 @@
+@@ -11,6 +11,7 @@
+ #include "base/i18n/rtl.h"
  #include "base/notreached.h"
- #include "base/strings/strcat.h"
  #include "base/strings/string_util.h"
 +#include "base/strings/stringprintf.h"
  #include "base/strings/utf_string_conversions.h"
  #include "build/build_config.h"
  #include "build/chromeos_buildflags.h"
-@@ -24,9 +25,7 @@
+@@ -27,9 +28,7 @@
  #include <windows.h>
  #endif
  
--#if !defined(OS_WIN) && (defined(USE_AURA) || defined(OS_APPLE))
+-#if !defined(OS_WIN) && (defined(USE_AURA) || defined(OS_MAC))
  #include "ui/events/keycodes/keyboard_code_conversion.h"
 -#endif
  
  #if BUILDFLAG(IS_CHROMEOS_ASH)
  #include "ui/base/ui_base_features.h"
-@@ -205,7 +204,15 @@ base::string16 Accelerator::GetShortcutText() const {
+@@ -208,7 +207,15 @@ std::u16string Accelerator::GetShortcutText() const {
    shortcut = KeyCodeToName();
  #endif
  
@@ -41,13 +41,13 @@ index 17e1739c12ee38864e735130792321adadb43f08..7b0bfec6f18e883eb7ad7e3bfe564163
 +        UsLayoutKeyboardCodeToDomCode(key_code_), flags);
 +    if (c != 0) {
 +      shortcut =
-+          static_cast<base::string16::value_type>(
-+              base::ToUpperASCII(static_cast<base::char16>(c)));
++          static_cast<std::u16string::value_type>(
++              base::ToUpperASCII(static_cast<char16_t>(c)));
 +    }
  #if defined(OS_WIN)
      // Our fallback is to try translate the key code to a regular character
      // unless it is one of digits (VK_0 to VK_9). Some keyboard
-@@ -214,21 +221,14 @@ base::string16 Accelerator::GetShortcutText() const {
+@@ -217,21 +224,14 @@ std::u16string Accelerator::GetShortcutText() const {
      // accent' for '0'). For display in the menu (e.g. Ctrl-0 for the
      // default zoom level), we leave VK_[0-9] alone without translation.
      wchar_t key;
@@ -60,12 +60,12 @@ index 17e1739c12ee38864e735130792321adadb43f08..7b0bfec6f18e883eb7ad7e3bfe564163
 -    // VKEY_UNKNOWN), |::MapVirtualKeyW| returns 0.
 -    if (key != 0)
 -      shortcut += key;
--#elif defined(USE_AURA) || defined(OS_APPLE) || defined(OS_ANDROID)
+-#elif defined(USE_AURA) || defined(OS_MAC) || defined(OS_ANDROID)
 -    const uint16_t c = DomCodeToUsLayoutCharacter(
 -        UsLayoutKeyboardCodeToDomCode(key_code_), false);
 -    if (c != 0)
 -      shortcut +=
--          static_cast<base::string16::value_type>(base::ToUpperASCII(c));
+-          static_cast<std::u16string::value_type>(base::ToUpperASCII(c));
 +      shortcut = key;
 +    }
  #endif
@@ -74,13 +74,13 @@ index 17e1739c12ee38864e735130792321adadb43f08..7b0bfec6f18e883eb7ad7e3bfe564163
 +          base::StringPrintf("F%d", key_code_ - VKEY_F1 + 1));
    }
  
- #if defined(OS_APPLE)
-@@ -411,7 +411,7 @@ base::string16 Accelerator::ApplyLongFormModifiers(
+ #if defined(OS_MAC)
+@@ -427,7 +427,7 @@ std::u16string Accelerator::ApplyLongFormModifiers(
    // more information.
    if (IsCtrlDown())
-     shortcut = ApplyModifierToAcceleratorString(shortcut, IDS_APP_CTRL_KEY);
+     result = ApplyModifierToAcceleratorString(result, IDS_APP_CTRL_KEY);
 -  else if (IsAltDown())
 +  if (IsAltDown())
-     shortcut = ApplyModifierToAcceleratorString(shortcut, IDS_APP_ALT_KEY);
+     result = ApplyModifierToAcceleratorString(result, IDS_APP_ALT_KEY);
  
    if (IsCmdDown()) {

patches/chromium/add_contentgpuclient_precreatemessageloop_callback.patch

@@ -10,10 +10,10 @@ Allows Electron to restore WER when ELECTRON_DEFAULT_ERROR_MODE is set.
 This should be upstreamed.
 
 diff --git a/content/gpu/gpu_main.cc b/content/gpu/gpu_main.cc
-index 5bcbb68864ed193a519b34a37f1e50c29422235a..c33f108158538c49f9d4d27b8fa89852e829c787 100644
+index b3afa0e60f45a10cfe97b129996e1d9489b09a7d..24984b2be369908d72a9493ebb0fa0f9c3e5fc7e 100644
 --- a/content/gpu/gpu_main.cc
 +++ b/content/gpu/gpu_main.cc
-@@ -261,6 +261,10 @@ int GpuMain(const MainFunctionParams& parameters) {
+@@ -265,6 +265,10 @@ int GpuMain(const MainFunctionParams& parameters) {
    // to the GpuProcessHost once the GpuServiceImpl has started.
    viz::GpuServiceImpl::InstallPreInitializeLogHandler();
  
@@ -24,7 +24,7 @@ index 5bcbb68864ed193a519b34a37f1e50c29422235a..c33f108158538c49f9d4d27b8fa89852
    // We are experiencing what appear to be memory-stomp issues in the GPU
    // process. These issues seem to be impacting the task executor and listeners
    // registered to it. Create the task executor on the heap to guard against
-@@ -398,7 +402,6 @@ int GpuMain(const MainFunctionParams& parameters) {
+@@ -402,7 +406,6 @@ int GpuMain(const MainFunctionParams& parameters) {
    }
  #endif
  

patches/chromium/add_didinstallconditionalfeatures.patch

@@ -10,10 +10,10 @@ DidCreateScriptContext is called, not all JS APIs are available in the
 context, which can cause some preload scripts to trip.
 
 diff --git a/content/public/renderer/render_frame_observer.h b/content/public/renderer/render_frame_observer.h
-index 7d2ebf0d8a14fd89e32e35631428f43aed259c16..8efabb6b7825f6fab019d7f83e185a953bb589f1 100644
+index 5a733f2086ec10d3010da52a2758e1748d1178e1..d8c7ef2e3c03f5275c1ed58849ec892f811165ef 100644
 --- a/content/public/renderer/render_frame_observer.h
 +++ b/content/public/renderer/render_frame_observer.h
-@@ -126,6 +126,8 @@ class CONTENT_EXPORT RenderFrameObserver : public IPC::Listener,
+@@ -128,6 +128,8 @@ class CONTENT_EXPORT RenderFrameObserver : public IPC::Listener,
    virtual void DidHandleOnloadEvents() {}
    virtual void DidCreateScriptContext(v8::Local<v8::Context> context,
                                        int32_t world_id) {}
@@ -23,10 +23,10 @@ index 7d2ebf0d8a14fd89e32e35631428f43aed259c16..8efabb6b7825f6fab019d7f83e185a95
                                          int32_t world_id) {}
    virtual void DidClearWindowObject() {}
 diff --git a/content/renderer/render_frame_impl.cc b/content/renderer/render_frame_impl.cc
-index a52fcdfcb01d8f9bf5739ba4c4bf47e610f19107..74f4881d51e671e178f8d4ff32a49b0010e9efb2 100644
+index 580974507f1a3007564e43b75142772b690a22c5..8999d6bbb3acc55dbedc2b36cca03862614f139f 100644
 --- a/content/renderer/render_frame_impl.cc
 +++ b/content/renderer/render_frame_impl.cc
-@@ -4666,6 +4666,12 @@ void RenderFrameImpl::DidCreateScriptContext(v8::Local<v8::Context> context,
+@@ -4540,6 +4540,12 @@ void RenderFrameImpl::DidCreateScriptContext(v8::Local<v8::Context> context,
      observer.DidCreateScriptContext(context, world_id);
  }
  
@@ -40,10 +40,10 @@ index a52fcdfcb01d8f9bf5739ba4c4bf47e610f19107..74f4881d51e671e178f8d4ff32a49b00
                                                 int world_id) {
    for (auto& observer : observers_)
 diff --git a/content/renderer/render_frame_impl.h b/content/renderer/render_frame_impl.h
-index 9d100f04d9f094320eb99fbaba58c3da1b860ab7..80226249efe0f6192a27e2d55f2f7f57912453b0 100644
+index 74944d9fb6ba23c001217607bc9f07c65761b26c..7ffdbb65978239dff50403fedb5c0bcf4d00c231 100644
 --- a/content/renderer/render_frame_impl.h
 +++ b/content/renderer/render_frame_impl.h
-@@ -598,6 +598,8 @@ class CONTENT_EXPORT RenderFrameImpl
+@@ -579,6 +579,8 @@ class CONTENT_EXPORT RenderFrameImpl
        blink::WebLocalFrameClient::LazyLoadBehavior lazy_load_behavior) override;
    void DidCreateScriptContext(v8::Local<v8::Context> context,
                                int world_id) override;
@@ -53,10 +53,10 @@ index 9d100f04d9f094320eb99fbaba58c3da1b860ab7..80226249efe0f6192a27e2d55f2f7f57
                                  int world_id) override;
    void DidChangeScrollOffset() override;
 diff --git a/third_party/blink/public/web/web_local_frame_client.h b/third_party/blink/public/web/web_local_frame_client.h
-index 507da809f6d3448dffab4816c0675ece6cb35ba6..2711f5de447714bc1110f9abb559332bb0c4bddf 100644
+index 883f83327a5b04ad56d82b91e1c7d8fa674324b1..2b7d8e13dcde8cd916c1d0a804883415b2b23a16 100644
 --- a/third_party/blink/public/web/web_local_frame_client.h
 +++ b/third_party/blink/public/web/web_local_frame_client.h
-@@ -567,6 +567,9 @@ class BLINK_EXPORT WebLocalFrameClient {
+@@ -570,6 +570,9 @@ class BLINK_EXPORT WebLocalFrameClient {
    virtual void DidCreateScriptContext(v8::Local<v8::Context>,
                                        int32_t world_id) {}
  
@@ -67,7 +67,7 @@ index 507da809f6d3448dffab4816c0675ece6cb35ba6..2711f5de447714bc1110f9abb559332b
    virtual void WillReleaseScriptContext(v8::Local<v8::Context>,
                                          int32_t world_id) {}
 diff --git a/third_party/blink/renderer/bindings/core/v8/local_window_proxy.cc b/third_party/blink/renderer/bindings/core/v8/local_window_proxy.cc
-index be5cf4457cd379d5abc119d209d2df6520ad1022..8a0baac5bb8cb403324fb8156be62b924d6d3d1a 100644
+index 50aa1b94ac6aab922f570d78f06096226d428c33..7af7ad0b7ed50dfc1ac061a915d3a99291afaec4 100644
 --- a/third_party/blink/renderer/bindings/core/v8/local_window_proxy.cc
 +++ b/third_party/blink/renderer/bindings/core/v8/local_window_proxy.cc
 @@ -188,6 +188,7 @@ void LocalWindowProxy::Initialize() {
@@ -79,10 +79,10 @@ index be5cf4457cd379d5abc119d209d2df6520ad1022..8a0baac5bb8cb403324fb8156be62b92
    if (World().IsMainWorld()) {
      GetFrame()->Loader().DispatchDidClearWindowObjectInMainWorld();
 diff --git a/third_party/blink/renderer/core/frame/local_frame_client.h b/third_party/blink/renderer/core/frame/local_frame_client.h
-index 9a526ac4808171693146870909e058f41fe56a50..a15e379ee951504fd77b27af61b318d266274b3d 100644
+index 44b4f8358fdf0f7a4e00d4ee83a2feea7b794831..7465839150f14856ce6c5e3d47959060cb9bdac8 100644
 --- a/third_party/blink/renderer/core/frame/local_frame_client.h
 +++ b/third_party/blink/renderer/core/frame/local_frame_client.h
-@@ -294,6 +294,8 @@ class CORE_EXPORT LocalFrameClient : public FrameClient {
+@@ -295,6 +295,8 @@ class CORE_EXPORT LocalFrameClient : public FrameClient {
  
    virtual void DidCreateScriptContext(v8::Local<v8::Context>,
                                        int32_t world_id) = 0;
@@ -92,10 +92,10 @@ index 9a526ac4808171693146870909e058f41fe56a50..a15e379ee951504fd77b27af61b318d2
                                          int32_t world_id) = 0;
    virtual bool AllowScriptExtensions() = 0;
 diff --git a/third_party/blink/renderer/core/frame/local_frame_client_impl.cc b/third_party/blink/renderer/core/frame/local_frame_client_impl.cc
-index 0e71a094d9b67a6d1f5fb298d7057495e3a37803..cb7bfe7d79d6024b390c77285c2d47150a391c63 100644
+index 4d123e82b733cac98f0da49ca5b0424d7f17a301..c59ca72a29aedd83f6f029217c57c5246af28e70 100644
 --- a/third_party/blink/renderer/core/frame/local_frame_client_impl.cc
 +++ b/third_party/blink/renderer/core/frame/local_frame_client_impl.cc
-@@ -342,6 +342,13 @@ void LocalFrameClientImpl::DidCreateScriptContext(
+@@ -272,6 +272,13 @@ void LocalFrameClientImpl::DidCreateScriptContext(
      web_frame_->Client()->DidCreateScriptContext(context, world_id);
  }
  
@@ -110,7 +110,7 @@ index 0e71a094d9b67a6d1f5fb298d7057495e3a37803..cb7bfe7d79d6024b390c77285c2d4715
      v8::Local<v8::Context> context,
      int32_t world_id) {
 diff --git a/third_party/blink/renderer/core/frame/local_frame_client_impl.h b/third_party/blink/renderer/core/frame/local_frame_client_impl.h
-index 28d83f87c1582c8df6209f5d0a9aef130f0a4bea..3822c88091dfc803c4c57256e04bbc3946f8a869 100644
+index 76643c8cd72ca5730333bf8e16e65d82e691c0cb..2fb28ccbe9343de7835ec3b5c71c0c1bfdd7d744 100644
 --- a/third_party/blink/renderer/core/frame/local_frame_client_impl.h
 +++ b/third_party/blink/renderer/core/frame/local_frame_client_impl.h
 @@ -76,6 +76,8 @@ class CORE_EXPORT LocalFrameClientImpl final : public LocalFrameClient {
@@ -123,10 +123,10 @@ index 28d83f87c1582c8df6209f5d0a9aef130f0a4bea..3822c88091dfc803c4c57256e04bbc39
                                  int32_t world_id) override;
  
 diff --git a/third_party/blink/renderer/core/loader/empty_clients.h b/third_party/blink/renderer/core/loader/empty_clients.h
-index 3e442a5ddf1dd775febd433e2adb4795a3e5edec..22b5d7fbc3f09ea677444adbd8cae2ecd205b037 100644
+index 9f9e6c6188d1f108f584b1117a91fc3e9a5e38ab..05330ea84dc1555bcc9dd6fbbd63e97348b5664d 100644
 --- a/third_party/blink/renderer/core/loader/empty_clients.h
 +++ b/third_party/blink/renderer/core/loader/empty_clients.h
-@@ -337,6 +337,8 @@ class CORE_EXPORT EmptyLocalFrameClient : public LocalFrameClient {
+@@ -343,6 +343,8 @@ class CORE_EXPORT EmptyLocalFrameClient : public LocalFrameClient {
  
    void DidCreateScriptContext(v8::Local<v8::Context>,
                                int32_t world_id) override {}

patches/chromium/add_realloc.patch

@@ -12,10 +12,10 @@ when we override ReallocateBufferMemory, so we therefore need to implement
 Realloc on the v8 side and correspondingly in gin.
 
 diff --git a/gin/array_buffer.cc b/gin/array_buffer.cc
-index 124c2f72a5cbc2abe8c7686c32b61718d4c95d4b..fa4a478450cc97d231496ab82c74c1a94d1f3557 100644
+index 210760801f1d027196111631d34bab3eb5a10792..cdfdf91841b5f2feb248b0c5890ddcfdb5a8f9ce 100644
 --- a/gin/array_buffer.cc
 +++ b/gin/array_buffer.cc
-@@ -43,6 +43,10 @@ void* ArrayBufferAllocator::AllocateUninitialized(size_t length) {
+@@ -37,6 +37,10 @@ void* ArrayBufferAllocator::AllocateUninitialized(size_t length) {
    return malloc(length);
  }
  
@@ -27,7 +27,7 @@ index 124c2f72a5cbc2abe8c7686c32b61718d4c95d4b..fa4a478450cc97d231496ab82c74c1a9
    free(data);
  }
 diff --git a/gin/array_buffer.h b/gin/array_buffer.h
-index 2aef366ac8194aa261cbca6abc051f7da8a988d3..3c7d66c81032636abcca4f1538ce9b7f4ddb2de2 100644
+index 086371af29bd8c7520485125deddca411e8b978b..2c6886ddcc47019be4d552d4fddfc1c3d00cbca0 100644
 --- a/gin/array_buffer.h
 +++ b/gin/array_buffer.h
 @@ -21,6 +21,7 @@ class ArrayBufferAllocator : public v8::ArrayBuffer::Allocator {
@@ -39,10 +39,10 @@ index 2aef366ac8194aa261cbca6abc051f7da8a988d3..3c7d66c81032636abcca4f1538ce9b7f
  
    GIN_EXPORT static ArrayBufferAllocator* SharedInstance();
 diff --git a/third_party/blink/renderer/bindings/core/v8/v8_initializer.cc b/third_party/blink/renderer/bindings/core/v8/v8_initializer.cc
-index 4fbbdb2304a40ae4bca03dd51ce55615c5babae2..e2213b00d73f399bb14b7edfa0fb719aa12a6be5 100644
+index 7f88acc40ec99f0ecd1b71270980ee6e0c3e203e..42cdbc706a33792859fece7741846c4cc922008a 100644
 --- a/third_party/blink/renderer/bindings/core/v8/v8_initializer.cc
 +++ b/third_party/blink/renderer/bindings/core/v8/v8_initializer.cc
-@@ -697,6 +697,10 @@ class ArrayBufferAllocator : public v8::ArrayBuffer::Allocator {
+@@ -699,6 +699,10 @@ class ArrayBufferAllocator : public v8::ArrayBuffer::Allocator {
      return result;
    }
  
@@ -54,10 +54,10 @@ index 4fbbdb2304a40ae4bca03dd51ce55615c5babae2..e2213b00d73f399bb14b7edfa0fb719a
      if (max_allocation_ != 0 && data)
        total_allocation_.fetch_sub(size, std::memory_order_relaxed);
 diff --git a/third_party/blink/renderer/core/typed_arrays/array_buffer/array_buffer_contents.cc b/third_party/blink/renderer/core/typed_arrays/array_buffer/array_buffer_contents.cc
-index 686806bcafa0939d29bbc6775748a115130feb96..20f7a9a594cf379b2dac6970bc8c02aebc3be360 100644
+index ec217020077613d72eee4b5c408bd5e9eda2ae47..7ab2fa4d00eca9d4896653e29c98654ff75d4306 100644
 --- a/third_party/blink/renderer/core/typed_arrays/array_buffer/array_buffer_contents.cc
 +++ b/third_party/blink/renderer/core/typed_arrays/array_buffer/array_buffer_contents.cc
-@@ -127,6 +127,11 @@ void* ArrayBufferContents::AllocateMemoryOrNull(size_t size,
+@@ -149,6 +149,11 @@ void* ArrayBufferContents::AllocateMemoryOrNull(size_t size,
    return AllocateMemoryWithFlags(size, policy, base::PartitionAllocReturnNull);
  }
  

patches/chromium/add_setter_for_browsermainloop_result_code.patch

@@ -0,0 +1,26 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Samuel Attard <samuel.r.attard@gmail.com>
+Date: Wed, 14 Apr 2021 17:19:23 -0700
+Subject: add setter for BrowserMainLoop::result_code_
+
+After a recent refactor
+(https://chromium-review.googlesource.com/c/chromium/src/+/2725153) the
+result_code_ pointer is no longer provided to embedders, but their are
+valid use cases for setting custom exit codes of the main loop.  This
+exposes a simple setter that embedders can call.
+
+diff --git a/content/browser/browser_main_loop.h b/content/browser/browser_main_loop.h
+index e116a3de7fb765758793b3feecab2654193c3a96..0131d97a8b82d2339c99d1b1c6c3faeba2ae35ff 100644
+--- a/content/browser/browser_main_loop.h
++++ b/content/browser/browser_main_loop.h
+@@ -167,6 +167,10 @@ class CONTENT_EXPORT BrowserMainLoop {
+ 
+   int GetResultCode() const { return result_code_; }
+ 
++  void SetResultCode(int code) {
++    result_code_ = code;
++  }
++
+   media::AudioManager* audio_manager() const;
+   bool AudioServiceOutOfProcess() const;
+   media::AudioSystem* audio_system() const { return audio_system_.get(); }

patches/chromium/add_trustedauthclient_to_urlloaderfactory.patch

@@ -1,161 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: deepak1556 <hop2deep@gmail.com>
-Date: Wed, 27 Jan 2021 15:20:01 -0800
-Subject: add TrustedAuthClient to URLLoaderFactory
-
-This allows intercepting authentication requests for the 'net' module.
-Without this, the 'login' event for electron.net.ClientRequest can't be
-implemented, because the existing path checks for the presence of a
-WebContents, and cancels the authentication if there's no WebContents
-available, which there isn't in the case of the 'net' module.
-
-diff --git a/services/network/public/mojom/network_context.mojom b/services/network/public/mojom/network_context.mojom
-index fd0f46bfd8d5b7c803042635460cd3b87d2521dc..64a7d8b08f19865cd5d824a9a48ef27abe60a02a 100644
---- a/services/network/public/mojom/network_context.mojom
-+++ b/services/network/public/mojom/network_context.mojom
-@@ -228,6 +228,26 @@ struct CTPolicy {
-   array<string> excluded_legacy_spkis;
- };
- 
-+interface TrustedAuthClient {
-+  OnAuthRequired(
-+      mojo_base.mojom.UnguessableToken? window_id,
-+      uint32 process_id,
-+      uint32 routing_id,
-+      uint32 request_id,
-+      url.mojom.Url url,
-+      bool first_auth_attempt,
-+      AuthChallengeInfo auth_info,
-+      URLResponseHead? head,
-+      pending_remote<AuthChallengeResponder> auth_challenge_responder);
-+};
-+
-+interface TrustedURLLoaderAuthClient {
-+  // When a new URLLoader is created, this will be called to pass a
-+  // corresponding |auth_client|.
-+  OnLoaderCreated(int32 request_id,
-+                  pending_receiver<TrustedAuthClient> auth_client);
-+};
-+
- interface CertVerifierClient {
-   Verify(
-     int32 default_error,
-@@ -660,6 +680,8 @@ struct URLLoaderFactoryParams {
-   // impact because of the extra process hops, so use should be minimized.
-   pending_remote<TrustedURLLoaderHeaderClient>? header_client;
- 
-+  pending_remote<TrustedURLLoaderAuthClient>? auth_client;
-+
-   // Information used restrict access to identity information (like SameSite
-   // cookies) and to shard network resources, like the cache. If set, takes
-   // precedence over ResourceRequest::TrustedParams::IsolationInfo field
-diff --git a/services/network/url_loader.cc b/services/network/url_loader.cc
-index 00339d4537993b97bd2a3d62e3aa95057cd41a03..165aba6599c17d74a4ffc3553f018854f7807ab0 100644
---- a/services/network/url_loader.cc
-+++ b/services/network/url_loader.cc
-@@ -459,6 +459,7 @@ URLLoader::URLLoader(
-     base::WeakPtr<KeepaliveStatisticsRecorder> keepalive_statistics_recorder,
-     base::WeakPtr<NetworkUsageAccumulator> network_usage_accumulator,
-     mojom::TrustedURLLoaderHeaderClient* url_loader_header_client,
-+    mojom::TrustedURLLoaderAuthClient* url_loader_auth_client,
-     mojom::OriginPolicyManager* origin_policy_manager,
-     std::unique_ptr<TrustTokenRequestHelperFactory> trust_token_helper_factory,
-     const cors::OriginAccessList& origin_access_list,
-@@ -523,6 +524,11 @@ URLLoader::URLLoader(
-     header_client_.set_disconnect_handler(
-         base::BindOnce(&URLLoader::OnMojoDisconnect, base::Unretained(this)));
-   }
-+  if (url_loader_auth_client) {
-+    url_loader_auth_client->OnLoaderCreated(request_id_, auth_client_.BindNewPipeAndPassReceiver());
-+    auth_client_.set_disconnect_handler(
-+        base::BindOnce(&URLLoader::OnMojoDisconnect, base::Unretained(this)));
-+  }
-   if (want_raw_headers_) {
-     options_ |= mojom::kURLLoadOptionSendSSLInfoWithResponse |
-                 mojom::kURLLoadOptionSendSSLInfoForCertificateError;
-@@ -1169,7 +1175,7 @@ void URLLoader::OnAuthRequired(net::URLRequest* url_request,
-     // |this| may have been deleted.
-     return;
-   }
--  if (!network_context_client_) {
-+  if (!network_context_client_ && !auth_client_) {
-     OnAuthCredentials(base::nullopt);
-     return;
-   }
-@@ -1185,11 +1191,19 @@ void URLLoader::OnAuthRequired(net::URLRequest* url_request,
-   if (url_request->response_headers())
-     head->headers = url_request->response_headers();
-   head->auth_challenge_info = auth_info;
--  network_context_client_->OnAuthRequired(
--      fetch_window_id_, factory_params_->process_id, render_frame_id_,
--      request_id_, url_request_->url(), first_auth_attempt_, auth_info,
--      std::move(head),
--      auth_challenge_responder_receiver_.BindNewPipeAndPassRemote());
-+  if (auth_client_) {
-+    auth_client_->OnAuthRequired(
-+        fetch_window_id_, factory_params_->process_id, render_frame_id_,
-+        request_id_, url_request_->url(), first_auth_attempt_, auth_info,
-+        std::move(head),
-+        auth_challenge_responder_receiver_.BindNewPipeAndPassRemote());
-+  } else {
-+    network_context_client_->OnAuthRequired(
-+        fetch_window_id_, factory_params_->process_id, render_frame_id_,
-+        request_id_, url_request_->url(), first_auth_attempt_, auth_info,
-+        std::move(head),
-+        auth_challenge_responder_receiver_.BindNewPipeAndPassRemote());
-+  }
- 
-   auth_challenge_responder_receiver_.set_disconnect_handler(
-       base::BindOnce(&URLLoader::DeleteSelf, base::Unretained(this)));
-diff --git a/services/network/url_loader.h b/services/network/url_loader.h
-index 7d0dc6685a0f1f7e5e3bcde2b5beb416f2d46030..d339b2a954067c5e2adcac6e64a6507f070e550b 100644
---- a/services/network/url_loader.h
-+++ b/services/network/url_loader.h
-@@ -129,6 +129,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoader
-       base::WeakPtr<KeepaliveStatisticsRecorder> keepalive_statistics_recorder,
-       base::WeakPtr<NetworkUsageAccumulator> network_usage_accumulator,
-       mojom::TrustedURLLoaderHeaderClient* url_loader_header_client,
-+      mojom::TrustedURLLoaderAuthClient* url_loader_auth_client,
-       mojom::OriginPolicyManager* origin_policy_manager,
-       std::unique_ptr<TrustTokenRequestHelperFactory>
-           trust_token_helper_factory,
-@@ -494,6 +495,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoader
-   base::Optional<base::UnguessableToken> fetch_window_id_;
- 
-   mojo::Remote<mojom::TrustedHeaderClient> header_client_;
-+  mojo::Remote<mojom::TrustedAuthClient> auth_client_;
- 
-   std::unique_ptr<FileOpenerForUpload> file_opener_for_upload_;
- 
-diff --git a/services/network/url_loader_factory.cc b/services/network/url_loader_factory.cc
-index 3b9b240615e56ef11a32ac87df2d189aae5c3bfa..bd2f131da2432eb63f0cb6610e10ede219f179c4 100644
---- a/services/network/url_loader_factory.cc
-+++ b/services/network/url_loader_factory.cc
-@@ -77,6 +77,7 @@ URLLoaderFactory::URLLoaderFactory(
-       resource_scheduler_client_(std::move(resource_scheduler_client)),
-       header_client_(std::move(params_->header_client)),
-       coep_reporter_(std::move(params_->coep_reporter)),
-+      auth_client_(std::move(params_->auth_client)),
-       cors_url_loader_factory_(cors_url_loader_factory),
-       cookie_observer_(std::move(params_->cookie_observer)) {
-   DCHECK(context);
-@@ -297,6 +298,7 @@ void URLLoaderFactory::CreateLoaderAndStart(
-       std::move(keepalive_statistics_recorder),
-       std::move(network_usage_accumulator),
-       header_client_.is_bound() ? header_client_.get() : nullptr,
-+      auth_client_.is_bound() ? auth_client_.get() : nullptr,
-       context_->origin_policy_manager(), std::move(trust_token_factory),
-       context_->cors_origin_access_list(), std::move(cookie_observer));
- 
-diff --git a/services/network/url_loader_factory.h b/services/network/url_loader_factory.h
-index 182b26816da9e82d83c47c3c73ecfdcf3003b967..903a3ad083201ed85e82169698041152278697fa 100644
---- a/services/network/url_loader_factory.h
-+++ b/services/network/url_loader_factory.h
-@@ -74,6 +74,7 @@ class URLLoaderFactory : public mojom::URLLoaderFactory {
-   scoped_refptr<ResourceSchedulerClient> resource_scheduler_client_;
-   mojo::Remote<mojom::TrustedURLLoaderHeaderClient> header_client_;
-   mojo::Remote<mojom::CrossOriginEmbedderPolicyReporter> coep_reporter_;
-+  mojo::Remote<mojom::TrustedURLLoaderAuthClient> auth_client_;
- 
-   // |cors_url_loader_factory_| owns this.
-   cors::CorsURLLoaderFactory* cors_url_loader_factory_;

patches/chromium/allow_in_process_windows_to_have_different_web_prefs.patch

@@ -8,11 +8,11 @@ WebPreferences of in-process child windows, rather than relying on
 process-level command line switches, as before.
 
 diff --git a/third_party/blink/common/web_preferences/web_preferences.cc b/third_party/blink/common/web_preferences/web_preferences.cc
-index 758b0b1616ecf86b7dd090adce94395851d9baf2..55f20eb6266368c65fc0ec80d52caa332f85ecfb 100644
+index 1363ee73abdfb05f7ff422c75b975a9d74f7dd43..ec12fa7fa8069c5bf090302221f67a3c586428a9 100644
 --- a/third_party/blink/common/web_preferences/web_preferences.cc
 +++ b/third_party/blink/common/web_preferences/web_preferences.cc
-@@ -146,6 +146,29 @@ WebPreferences::WebPreferences()
-       navigate_on_drag_drop(true),
+@@ -148,6 +148,29 @@ WebPreferences::WebPreferences()
+       fake_no_alloc_direct_call_for_testing_enabled(false),
        v8_cache_options(blink::mojom::V8CacheOptions::kDefault),
        record_whole_document(false),
 +
@@ -42,7 +42,7 @@ index 758b0b1616ecf86b7dd090adce94395851d9baf2..55f20eb6266368c65fc0ec80d52caa33
        accelerated_video_decode_enabled(false),
        animation_policy(
 diff --git a/third_party/blink/common/web_preferences/web_preferences_mojom_traits.cc b/third_party/blink/common/web_preferences/web_preferences_mojom_traits.cc
-index e713617a5306c8afc24559b6065aec59a0bc3e5a..80e728d1bac10c18c7799387f6c32339db615cea 100644
+index 7fa49dd367b28441c1395b11dfe8795dc230b7e3..32a0bd4831dfbb70d5c23617fbf40458b9ace164 100644
 --- a/third_party/blink/common/web_preferences/web_preferences_mojom_traits.cc
 +++ b/third_party/blink/common/web_preferences/web_preferences_mojom_traits.cc
 @@ -24,6 +24,11 @@ bool StructTraits<blink::mojom::WebPreferencesDataView,
@@ -57,8 +57,8 @@ index e713617a5306c8afc24559b6065aec59a0bc3e5a..80e728d1bac10c18c7799387f6c32339
        !data.ReadLazyFrameLoadingDistanceThresholdsPx(
            &out->lazy_frame_loading_distance_thresholds_px) ||
        !data.ReadLazyImageLoadingDistanceThresholdsPx(
-@@ -150,6 +155,27 @@ bool StructTraits<blink::mojom::WebPreferencesDataView,
-   out->navigate_on_drag_drop = data.navigate_on_drag_drop();
+@@ -154,6 +159,27 @@ bool StructTraits<blink::mojom::WebPreferencesDataView,
+       data.fake_no_alloc_direct_call_for_testing_enabled();
    out->v8_cache_options = data.v8_cache_options();
    out->record_whole_document = data.record_whole_document();
 +
@@ -86,7 +86,7 @@ index e713617a5306c8afc24559b6065aec59a0bc3e5a..80e728d1bac10c18c7799387f6c32339
    out->accelerated_video_decode_enabled =
        data.accelerated_video_decode_enabled();
 diff --git a/third_party/blink/public/common/web_preferences/web_preferences.h b/third_party/blink/public/common/web_preferences/web_preferences.h
-index 02c341e76e009a20f1d564ff4648ef40dd5cb9f3..4a0fd299c4cced5cfe97b209065311fa2f3f4b70 100644
+index c457698eba5dcc2dad1b0e674cb6785ffc666b5b..ecd1910993840d6605071e848d5675a4c0f97f5c 100644
 --- a/third_party/blink/public/common/web_preferences/web_preferences.h
 +++ b/third_party/blink/public/common/web_preferences/web_preferences.h
 @@ -9,6 +9,7 @@
@@ -94,10 +94,10 @@ index 02c341e76e009a20f1d564ff4648ef40dd5cb9f3..4a0fd299c4cced5cfe97b209065311fa
  #include <vector>
  
 +#include "base/files/file_path.h"
- #include "base/strings/string16.h"
  #include "base/time/time.h"
  #include "build/build_config.h"
-@@ -159,6 +160,29 @@ struct BLINK_COMMON_EXPORT WebPreferences {
+ #include "net/nqe/effective_connection_type.h"
+@@ -161,6 +162,29 @@ struct BLINK_COMMON_EXPORT WebPreferences {
    blink::mojom::V8CacheOptions v8_cache_options;
    bool record_whole_document;
  
@@ -128,7 +128,7 @@ index 02c341e76e009a20f1d564ff4648ef40dd5cb9f3..4a0fd299c4cced5cfe97b209065311fa
    // only controls whether or not the "document.cookie" field is properly
    // connected to the backing store, for instance if you wanted to be able to
 diff --git a/third_party/blink/public/common/web_preferences/web_preferences_mojom_traits.h b/third_party/blink/public/common/web_preferences/web_preferences_mojom_traits.h
-index 0bd751d729ecdbc556686e7d38156ca736bd7a33..a4e6b664cb28f8d7bff2955fd935cd467a64ca3b 100644
+index e35980e72f5d74a2483f7c62acd1d4b5db7fc5ac..5c3015ee753f9f2697e863d0fd68adf09e1f370c 100644
 --- a/third_party/blink/public/common/web_preferences/web_preferences_mojom_traits.h
 +++ b/third_party/blink/public/common/web_preferences/web_preferences_mojom_traits.h
 @@ -6,6 +6,7 @@
@@ -139,7 +139,7 @@ index 0bd751d729ecdbc556686e7d38156ca736bd7a33..a4e6b664cb28f8d7bff2955fd935cd46
  #include "mojo/public/cpp/bindings/struct_traits.h"
  #include "net/nqe/effective_connection_type.h"
  #include "third_party/blink/public/common/common_export.h"
-@@ -436,6 +437,88 @@ struct BLINK_COMMON_EXPORT StructTraits<blink::mojom::WebPreferencesDataView,
+@@ -446,6 +447,88 @@ struct BLINK_COMMON_EXPORT StructTraits<blink::mojom::WebPreferencesDataView,
      return r.record_whole_document;
    }
  
@@ -229,7 +229,7 @@ index 0bd751d729ecdbc556686e7d38156ca736bd7a33..a4e6b664cb28f8d7bff2955fd935cd46
      return r.cookie_enabled;
    }
 diff --git a/third_party/blink/public/mojom/webpreferences/web_preferences.mojom b/third_party/blink/public/mojom/webpreferences/web_preferences.mojom
-index 1100a97287a02c3a1286513af6a36153ee6f76cb..7e5e12118f0c5c6725fb478a0198a46e500c0157 100644
+index 3e2aae1d92b1c60b725bc8386e1d304dfabe384c..fc8113ea2221660ac2bed4e85844a95f31fbedf1 100644
 --- a/third_party/blink/public/mojom/webpreferences/web_preferences.mojom
 +++ b/third_party/blink/public/mojom/webpreferences/web_preferences.mojom
 @@ -9,6 +9,7 @@ import "third_party/blink/public/mojom/css/preferred_contrast.mojom";
@@ -240,7 +240,7 @@ index 1100a97287a02c3a1286513af6a36153ee6f76cb..7e5e12118f0c5c6725fb478a0198a46e
  
  enum PointerType {
    kPointerNone                              = 1,             // 1 << 0
-@@ -210,6 +211,29 @@ struct WebPreferences {
+@@ -212,6 +213,29 @@ struct WebPreferences {
    V8CacheOptions v8_cache_options;
    bool record_whole_document;
  

patches/chromium/allow_setting_secondary_label_via_simplemenumodel.patch

@@ -6,81 +6,81 @@ Subject: Allow setting secondary label via SimpleMenuModel
 Builds on https://chromium-review.googlesource.com/c/chromium/src/+/2208976
 
 diff --git a/ui/base/models/simple_menu_model.cc b/ui/base/models/simple_menu_model.cc
-index 0c37f6e2caead2f3004f1fbdd2abe7921ef4bea7..6f46775d96153d0c6a0795a1d6085f532daf985c 100644
+index 016dab7776139c8ea7eab60569f3e5c5aeff8014..022225c4c02300667c58dc61165cc19d68eb4ca7 100644
 --- a/ui/base/models/simple_menu_model.cc
 +++ b/ui/base/models/simple_menu_model.cc
-@@ -53,6 +53,11 @@ base::string16 SimpleMenuModel::Delegate::GetLabelForCommandId(
-   return base::string16();
+@@ -53,6 +53,11 @@ std::u16string SimpleMenuModel::Delegate::GetLabelForCommandId(
+   return std::u16string();
  }
  
-+base::string16 SimpleMenuModel::Delegate::GetSecondaryLabelForCommandId(
++std::u16string SimpleMenuModel::Delegate::GetSecondaryLabelForCommandId(
 +    int command_id) const {
-+  return base::string16();
++  return std::u16string();
 +}
 +
  ImageModel SimpleMenuModel::Delegate::GetIconForCommandId(
      int command_id) const {
    return ImageModel();
-@@ -295,6 +300,11 @@ void SimpleMenuModel::SetLabel(int index, const base::string16& label) {
+@@ -295,6 +300,11 @@ void SimpleMenuModel::SetLabel(int index, const std::u16string& label) {
    MenuItemsChanged();
  }
  
-+void SimpleMenuModel::SetSecondaryLabel(int index, const base::string16& secondary_label) {
++void SimpleMenuModel::SetSecondaryLabel(int index, const std::u16string& secondary_label) {
 +  items_[ValidateItemIndex(index)].secondary_label = secondary_label;
 +  MenuItemsChanged();
 +}
 +
  void SimpleMenuModel::SetMinorText(int index,
-                                    const base::string16& minor_text) {
+                                    const std::u16string& minor_text) {
    items_[ValidateItemIndex(index)].minor_text = minor_text;
-@@ -372,6 +382,12 @@ base::string16 SimpleMenuModel::GetLabelAt(int index) const {
+@@ -377,6 +387,12 @@ std::u16string SimpleMenuModel::GetLabelAt(int index) const {
    return items_[ValidateItemIndex(index)].label;
  }
  
-+base::string16 SimpleMenuModel::GetSecondaryLabelAt(int index) const {
++std::u16string SimpleMenuModel::GetSecondaryLabelAt(int index) const {
 +  if (IsItemDynamicAt(index))
 +    return delegate_->GetSecondaryLabelForCommandId(GetCommandIdAt(index));
 +  return items_[ValidateItemIndex(index)].secondary_label;
 +}
 +
- base::string16 SimpleMenuModel::GetMinorTextAt(int index) const {
+ std::u16string SimpleMenuModel::GetMinorTextAt(int index) const {
    return items_[ValidateItemIndex(index)].minor_text;
  }
 diff --git a/ui/base/models/simple_menu_model.h b/ui/base/models/simple_menu_model.h
-index 31669898f91d928bb63665d32ab9e4b114fecbf5..6c3f9734e2ee2cb3b6d5f9ed2787751709b013ed 100644
+index 5ab6c93bb3599b72952bdc8226e6c473477b7315..1132ec877298d5d5812547ffa12a4be2f2708dc4 100644
 --- a/ui/base/models/simple_menu_model.h
 +++ b/ui/base/models/simple_menu_model.h
-@@ -51,6 +51,7 @@ class COMPONENT_EXPORT(UI_BASE) SimpleMenuModel : public MenuModel {
+@@ -50,6 +50,7 @@ class COMPONENT_EXPORT(UI_BASE) SimpleMenuModel : public MenuModel {
      // Some command ids have labels and icons that change over time.
      virtual bool IsItemForCommandIdDynamic(int command_id) const;
-     virtual base::string16 GetLabelForCommandId(int command_id) const;
-+    virtual base::string16 GetSecondaryLabelForCommandId(int command_id) const;
+     virtual std::u16string GetLabelForCommandId(int command_id) const;
++    virtual std::u16string GetSecondaryLabelForCommandId(int command_id) const;
      // Gets the icon for the item with the specified id.
      virtual ImageModel GetIconForCommandId(int command_id) const;
  
-@@ -154,6 +155,9 @@ class COMPONENT_EXPORT(UI_BASE) SimpleMenuModel : public MenuModel {
+@@ -153,6 +154,9 @@ class COMPONENT_EXPORT(UI_BASE) SimpleMenuModel : public MenuModel {
    // Sets the label for the item at |index|.
-   void SetLabel(int index, const base::string16& label);
+   void SetLabel(int index, const std::u16string& label);
  
 +  // Sets the secondary_label for the item at |index|.
-+  void SetSecondaryLabel(int index, const base::string16& secondary_label);
++  void SetSecondaryLabel(int index, const std::u16string& secondary_label);
 +
    // Sets the minor text for the item at |index|.
-   void SetMinorText(int index, const base::string16& minor_text);
+   void SetMinorText(int index, const std::u16string& minor_text);
  
-@@ -183,6 +187,7 @@ class COMPONENT_EXPORT(UI_BASE) SimpleMenuModel : public MenuModel {
+@@ -185,6 +189,7 @@ class COMPONENT_EXPORT(UI_BASE) SimpleMenuModel : public MenuModel {
    ui::MenuSeparatorType GetSeparatorTypeAt(int index) const override;
    int GetCommandIdAt(int index) const override;
-   base::string16 GetLabelAt(int index) const override;
-+  base::string16 GetSecondaryLabelAt(int index) const override;
-   base::string16 GetMinorTextAt(int index) const override;
+   std::u16string GetLabelAt(int index) const override;
++  std::u16string GetSecondaryLabelAt(int index) const override;
+   std::u16string GetMinorTextAt(int index) const override;
    ImageModel GetMinorIconAt(int index) const override;
    bool IsItemDynamicAt(int index) const override;
-@@ -219,6 +224,7 @@ class COMPONENT_EXPORT(UI_BASE) SimpleMenuModel : public MenuModel {
+@@ -222,6 +227,7 @@ class COMPONENT_EXPORT(UI_BASE) SimpleMenuModel : public MenuModel {
      int command_id = 0;
      ItemType type = TYPE_COMMAND;
-     base::string16 label;
-+    base::string16 secondary_label;
-     base::string16 minor_text;
+     std::u16string label;
++    std::u16string secondary_label;
+     std::u16string minor_text;
      ImageModel minor_icon;
      ImageModel icon;

patches/chromium/blink-worker-enable-csp-in-file-scheme.patch

@@ -6,7 +6,7 @@ Subject: blink-worker-enable-csp-in-file-scheme.patch
 This allows file:// URLs in workers to have a CSP.
 
 diff --git a/third_party/blink/renderer/core/workers/worker_classic_script_loader.cc b/third_party/blink/renderer/core/workers/worker_classic_script_loader.cc
-index 07e84a8cad8689fde5f8a2c054e82851db598e8c..22b959c65d76a31d7a4c9acf1273fe61cef1204f 100644
+index 870beea1249e10e59ead3d2777292deb2e559eb2..b8ab71e8395edfaa8cd8e56bbfcc315466239f06 100644
 --- a/third_party/blink/renderer/core/workers/worker_classic_script_loader.cc
 +++ b/third_party/blink/renderer/core/workers/worker_classic_script_loader.cc
 @@ -366,7 +366,6 @@ void WorkerClassicScriptLoader::ProcessContentSecurityPolicy(
@@ -16,4 +16,4 @@ index 07e84a8cad8689fde5f8a2c054e82851db598e8c..22b959c65d76a31d7a4c9acf1273fe61
 -      !response.CurrentRequestUrl().ProtocolIs("file") &&
        !response.CurrentRequestUrl().ProtocolIs("filesystem")) {
      content_security_policy_ = MakeGarbageCollected<ContentSecurityPolicy>();
-     content_security_policy_->SetOverrideURLForSelf(
+     content_security_policy_->DidReceiveHeaders(

patches/chromium/blink_local_frame.patch

@@ -15,10 +15,10 @@ Refs changes in:
 This patch reverts the changes to fix associated crashes in Electron.
 
 diff --git a/third_party/blink/renderer/core/frame/frame.cc b/third_party/blink/renderer/core/frame/frame.cc
-index 9305b576b06a8020583939f357cd42902302b543..d772a31a436bf8f0617d87b5fcf5bd960bf871d9 100644
+index b52bd3cffc6fff968c2da489c93e89f69173bcd8..684c9104e6e3c07eaf7a19e2fb00768e7f491519 100644
 --- a/third_party/blink/renderer/core/frame/frame.cc
 +++ b/third_party/blink/renderer/core/frame/frame.cc
-@@ -135,14 +135,6 @@ bool Frame::Detach(FrameDetachType type) {
+@@ -118,14 +118,6 @@ bool Frame::Detach(FrameDetachType type) {
  
    DCHECK(!IsDetached());
  
@@ -33,7 +33,7 @@ index 9305b576b06a8020583939f357cd42902302b543..d772a31a436bf8f0617d87b5fcf5bd96
    if (type == FrameDetachType::kRemove) {
      if (provisional_frame_) {
        provisional_frame_->Detach(FrameDetachType::kRemove);
-@@ -165,6 +157,14 @@ bool Frame::Detach(FrameDetachType type) {
+@@ -148,6 +140,14 @@ bool Frame::Detach(FrameDetachType type) {
      GetWindowProxyManager()->ClearForSwap();
    }
  
@@ -49,10 +49,10 @@ index 9305b576b06a8020583939f357cd42902302b543..d772a31a436bf8f0617d87b5fcf5bd96
    // its owning reference back to our owning LocalFrame.
    client_->Detached(type);
 diff --git a/third_party/blink/renderer/core/frame/local_frame.cc b/third_party/blink/renderer/core/frame/local_frame.cc
-index ae17afa2ef54f16875107bb462ceac3e741e285f..214bf6868a56e77030583dccf190dac14bcdc190 100644
+index a70c5d861a9ae244f23b80180d501388c0193888..d6cf1cbb0beb65f0003051f67d5fa5b723c77a74 100644
 --- a/third_party/blink/renderer/core/frame/local_frame.cc
 +++ b/third_party/blink/renderer/core/frame/local_frame.cc
-@@ -670,10 +670,6 @@ bool LocalFrame::DetachImpl(FrameDetachType type) {
+@@ -674,10 +674,6 @@ bool LocalFrame::DetachImpl(FrameDetachType type) {
    }
    DCHECK(!view_ || !view_->IsAttached());
  
@@ -63,7 +63,7 @@ index ae17afa2ef54f16875107bb462ceac3e741e285f..214bf6868a56e77030583dccf190dac1
    if (!Client())
      return false;
  
-@@ -715,6 +711,11 @@ bool LocalFrame::DetachImpl(FrameDetachType type) {
+@@ -723,6 +719,11 @@ bool LocalFrame::DetachImpl(FrameDetachType type) {
    DCHECK(!view_->IsAttached());
    Client()->WillBeDetached();
  

patches/chromium/blink_world_context.patch

@@ -7,10 +7,10 @@ This exposes a method for obtaining a reference to an isolated world, which is
 otherwise not available in the Blink API.
 
 diff --git a/third_party/blink/public/web/web_local_frame.h b/third_party/blink/public/web/web_local_frame.h
-index 01599517cc798843e50a7fe1c8d994c37b1cabf6..caa7048d51eeb43a4cfbbc75020e46e20b304898 100644
+index 50702c6c3a1871b9d38ad38b5e6844f54ff2fdc5..45368849a627270a13241107e7165e020bf37d79 100644
 --- a/third_party/blink/public/web/web_local_frame.h
 +++ b/third_party/blink/public/web/web_local_frame.h
-@@ -367,6 +367,8 @@ class WebLocalFrame : public WebFrame {
+@@ -368,6 +368,8 @@ class WebLocalFrame : public WebFrame {
    // Returns the world ID associated with |script_context|.
    virtual int32_t GetScriptContextWorldId(
        v8::Local<v8::Context> script_context) const = 0;
@@ -20,10 +20,10 @@ index 01599517cc798843e50a7fe1c8d994c37b1cabf6..caa7048d51eeb43a4cfbbc75020e46e2
    // Executes script in the context of the current page and returns the value
    // that the script evaluated to with callback. Script execution can be
 diff --git a/third_party/blink/renderer/core/frame/web_local_frame_impl.cc b/third_party/blink/renderer/core/frame/web_local_frame_impl.cc
-index f9e9ffead24fab0e5bf73f9a808aa07f30b4370a..e95e8d4e252b30a4f4a5ae16ca78737c48d9cca1 100644
+index 80f58a5f2762fa7e1d4aed8e64cca88ae4162c15..8660df6074865b845f1b8341cb1348adb28c2339 100644
 --- a/third_party/blink/renderer/core/frame/web_local_frame_impl.cc
 +++ b/third_party/blink/renderer/core/frame/web_local_frame_impl.cc
-@@ -1033,6 +1033,13 @@ v8::Local<v8::Object> WebLocalFrameImpl::GlobalProxy() const {
+@@ -1037,6 +1037,13 @@ v8::Local<v8::Object> WebLocalFrameImpl::GlobalProxy() const {
    return MainWorldScriptContext()->Global();
  }
  
@@ -38,10 +38,10 @@ index f9e9ffead24fab0e5bf73f9a808aa07f30b4370a..e95e8d4e252b30a4f4a5ae16ca78737c
    return BindingSecurity::ShouldAllowAccessToFrame(
        CurrentDOMWindow(V8PerIsolateData::MainThreadIsolate()),
 diff --git a/third_party/blink/renderer/core/frame/web_local_frame_impl.h b/third_party/blink/renderer/core/frame/web_local_frame_impl.h
-index 786f9dd51861cffd8869f2262104ec79c2066db4..7833167f3deda00f1ccd67b5904f51f6d9162a03 100644
+index 04035ce2827f28592f6a80100e9dd5912bff80cf..31edba8a2af07c0dc41bbd47b74259d1dfa1818b 100644
 --- a/third_party/blink/renderer/core/frame/web_local_frame_impl.h
 +++ b/third_party/blink/renderer/core/frame/web_local_frame_impl.h
-@@ -162,6 +162,8 @@ class CORE_EXPORT WebLocalFrameImpl final
+@@ -166,6 +166,8 @@ class CORE_EXPORT WebLocalFrameImpl final
    v8::Local<v8::Context> MainWorldScriptContext() const override;
    int32_t GetScriptContextWorldId(
        v8::Local<v8::Context> script_context) const override;

patches/chromium/boringssl_build_gn.patch

@@ -6,10 +6,10 @@ Subject: boringssl BUILD.gn
 Build BoringSSL with some extra functions that nodejs needs.
 
 diff --git a/third_party/boringssl/BUILD.gn b/third_party/boringssl/BUILD.gn
-index ad77b1b087829ca94940696a9b520c9ce189e7cd..13abac589d07895c51d0848c5a38693d4a32133d 100644
+index 00563d7c895eafc16789699cdb5fa82c4fb540a7..ccae86b66cdeddf20ab8a92078a9dc34e960d125 100644
 --- a/third_party/boringssl/BUILD.gn
 +++ b/third_party/boringssl/BUILD.gn
-@@ -46,6 +46,19 @@ config("no_asm_config") {
+@@ -45,6 +45,19 @@ config("no_asm_config") {
  
  all_sources = crypto_sources + ssl_sources
  all_headers = crypto_headers + ssl_headers

patches/chromium/breakpad_treat_node_processes_as_browser_processes.patch

@@ -10,10 +10,10 @@ breakpad independently, as a "browser" process. This patches
 crash annotation.
 
 diff --git a/components/crash/core/app/breakpad_linux.cc b/components/crash/core/app/breakpad_linux.cc
-index 76993a9ec8dcd6c69cf3e58c49838264783a06c9..7b38b3bc102448b1c6f0663875ce305bc6e986ff 100644
+index 5eb19c8a47467d8df30316bfbd7f3c2f38aea7c0..094244b198745e6fbbfb8d72e7bc2e0ceb4db88c 100644
 --- a/components/crash/core/app/breakpad_linux.cc
 +++ b/components/crash/core/app/breakpad_linux.cc
-@@ -716,8 +716,13 @@ bool CrashDone(const MinidumpDescriptor& minidump,
+@@ -717,8 +717,13 @@ bool CrashDone(const MinidumpDescriptor& minidump,
    log_path[log_path_len] = '\0';
    info.log_filename = log_path;
  #endif
@@ -29,7 +29,7 @@ index 76993a9ec8dcd6c69cf3e58c49838264783a06c9..7b38b3bc102448b1c6f0663875ce305b
    info.distro = base::g_linux_distro;
    info.distro_length = my_strlen(base::g_linux_distro);
    info.upload = upload;
-@@ -2023,8 +2028,13 @@ void InitCrashReporter(const std::string& process_type) {
+@@ -2024,8 +2029,13 @@ void InitCrashReporter(const std::string& process_type) {
        process_type == kWebViewSingleProcessType ||
        process_type == kBrowserProcessType ||
  #endif

patches/chromium/build_add_electron_tracing_category.patch

@@ -8,13 +8,13 @@ categories in use are known / declared.  This patch is required for us
 to introduce a new Electron category for Electron-specific tracing.
 
 diff --git a/base/trace_event/builtin_categories.h b/base/trace_event/builtin_categories.h
-index ad3e86fb45ed6e115e62e89917fff8309a0e0705..c222819b9de97b988c9a2a49f971961e11665cad 100644
+index c697f7ced74e8cf7c43ae64e48aefb9822728992..f3008fc4e041b09d580061b2a2581f60dd41f8c4 100644
 --- a/base/trace_event/builtin_categories.h
 +++ b/base/trace_event/builtin_categories.h
-@@ -73,6 +73,7 @@
+@@ -75,6 +75,7 @@
    X("drmcursor")                                                         \
    X("dwrite")                                                            \
-   X("DXVA Decoding")                                                     \
+   X("DXVA_Decoding")                                                     \
 +  X("electron")                                                          \
    X("evdev")                                                             \
    X("event")                                                             \