electron

mirror of https://github.com/electron/electron.git synced 2026-05-02 03:00:22 -04:00

Files

trop[bot] ff69f9e490 fix: validate header name and value in webRequest.onBeforeSendHeaders (#51364 )

* fix: validate header name and value in webRequest.onBeforeSendHeaders

Chromium's net::HttpRequestHeaders::SetHeader() uses CHECK() to enforce
valid header names and values, which causes a fatal crash if the caller
passes invalid strings. When users modify requestHeaders in the
onBeforeSendHeaders callback with invalid header names (e.g. containing
spaces) or invalid header values (e.g. containing CRLF), the
gin::Converter<net::HttpRequestHeaders>::FromV8() calls SetHeader()
directly, triggering the CHECK and crashing the process.

This change adds pre-validation using net::HttpUtil::IsValidHeaderName()
and net::HttpUtil::IsValidHeaderValue() before calling SetHeader(),
silently skipping invalid headers instead of crashing.

Co-authored-by: loufulton <loufulton.cz@gmail.com>

* Update shell/common/gin_converters/net_converter.cc

Co-authored-by: Charles Kerr <charles@charleskerr.com>

Co-authored-by: loufultoncz-coder <loufulton.cz@gmail.com>

* Update spec/api-web-request-spec.ts

Co-authored-by: Charles Kerr <charles@charleskerr.com>

Co-authored-by: loufultoncz-coder <loufulton.cz@gmail.com>

* fix: lint

Co-authored-by: loufulton <loufulton.cz@gmail.com>

---------

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: loufulton <loufulton.cz@gmail.com>

2026-04-28 12:02:12 -05:00

fixtures

test: add linux coverage for default protocol client APIs (#51294 )

2026-04-23 16:27:27 -05:00

lib

build: fix code-signing for MacOS x64 tests (#50072 )

2026-03-05 10:27:29 +01:00

ts-smoke

chore: bump chromium to 141.0.7361.0 (main) (#48054 )

2025-08-29 12:31:47 +09:00

.eslintrc.json

build: drop eslint-plugin-unicorn (#47676 )

2025-07-08 15:20:56 +02:00

.gitignore

feat: add error event for utility process (#43774 )

2024-09-27 10:17:06 +09:00

ambient.d.ts

chore: bump chromium to 144.0.7527.0 (40-x-y) (#49057 )

2025-11-24 16:59:42 -05:00

api-app-spec.ts

test: add linux coverage for default protocol client APIs (#51294 )

2026-04-23 16:27:27 -05:00

api-auto-updater-spec.ts

build: fix code-signing for MacOS x64 tests (#50072 )

2026-03-05 10:27:29 +01:00

api-autoupdater-darwin-spec.ts

test: fixup autoupdater tests failures (#51061 )

2026-04-15 10:05:49 -04:00

api-autoupdater-msix-spec.ts

feat: msix auto-updater (#49587 )

2026-02-02 14:22:04 +01:00

api-browser-view-spec.ts

fix: BrowserWindow add the same BrowserView (#48053 )

2025-08-28 10:31:41 +02:00

api-browser-window-spec.ts

fix: intermittent CI failure is-not-alwaysOnTop (#51134 )

2026-04-20 15:25:21 -07:00

api-clipboard-spec.ts

build: add import/order eslint rule (#44085 )

2024-10-02 19:10:44 -07:00

api-content-tracing-spec.ts

fix: add missing HandleScope in contentTracing.getTraceBufferUsage() (#50593 )

2026-03-31 11:12:14 +02:00

api-context-bridge-spec.ts

refactor: attach translator holder via v8::Function data slot (#51121 )

2026-04-17 18:06:58 -05:00

api-corner-smoothing-spec.ts

fix: corner smoothing feature gate crash (#47759 )

2025-07-16 08:39:17 -07:00

api-crash-reporter-spec.ts

fix: restore std::deque for dynamic crash key storage (#50838 )

2026-04-09 14:49:22 +02:00

api-debugger-spec.ts

test: run script to help target discovery and reduce flakes (#44741 )

2024-11-20 08:55:09 -06:00

api-desktop-capturer-spec.ts

test: add desktopCapturer icon validation (#50820 )

2026-04-15 11:40:41 +02:00

api-dialog-spec.ts

build: add import/order eslint rule (#44085 )

2024-10-02 19:10:44 -07:00

api-global-shortcut-spec.ts

test: test menu rendering accelerators (#44634 )

2025-05-06 14:09:35 -04:00

api-image-view-spec.ts

docs: add documentation for ImageView (#46760 )

2025-05-29 10:24:16 -07:00

api-in-app-purchase-spec.ts

build: add import/order eslint rule (#44085 )

2024-10-02 19:10:44 -07:00

api-ipc-main-spec.ts

docs: Make ipcRenderer and ipcMain listener API docs consistent (#44651 )

2024-11-18 14:44:30 -08:00

api-ipc-renderer-spec.ts

docs: Make ipcRenderer and ipcMain listener API docs consistent (#44651 )

2024-11-18 14:44:30 -08:00

api-ipc-spec.ts

chore: upgrade Node.js to v24.10.0 (#48739 )

2025-11-04 09:52:30 +01:00

api-media-handler-spec.ts

fix: crash on getUserMedia with invalid chromeMediaSourceId (#45733 )

2025-02-21 10:17:52 -06:00

api-menu-item-spec.ts

fix: default accelerator for role-based menu items (#49669 )

2026-02-09 10:09:18 -05:00

api-menu-spec.ts

fix: menu close event missing after opening a submenu (#49963 )

2026-02-26 17:29:31 -05:00

api-native-image-spec.ts

feat: add SF Symbol support to NativeImage::CreateFromNamedImage (#48772 )

2025-11-10 21:18:00 +01:00

api-native-theme-spec.ts

feat: expose nativeTheme.shouldUseDarkColorsForSystemIntegratedUI (#46438 )

2025-04-10 12:08:29 +02:00

api-net-custom-protocols-spec.ts

fix: apply IsSafeRedirectTarget to net module redirects (#50928 )

2026-04-11 07:34:24 -05:00

api-net-log-spec.ts

build: add import/order eslint rule (#44085 )

2024-10-02 19:10:44 -07:00

api-net-session-spec.ts

build: add import/order eslint rule (#44085 )

2024-10-02 19:10:44 -07:00

api-net-spec.ts

fix: apply IsSafeRedirectTarget to net module redirects (#50928 )

2026-04-11 07:34:24 -05:00

api-notification-dbus-spec.ts

chore: bump chromium to 144.0.7527.0 (40-x-y) (#49057 )

2025-11-24 16:59:42 -05:00

api-notification-spec.ts

build: add import/order eslint rule (#44085 )

2024-10-02 19:10:44 -07:00

api-power-monitor-spec.ts

chore: bump chromium to 144.0.7527.0 (40-x-y) (#49057 )

2025-11-24 16:59:42 -05:00

api-power-save-blocker-spec.ts

build: add import/order eslint rule (#44085 )

2024-10-02 19:10:44 -07:00

api-process-spec.ts

refactor: eliminate duplicate code in spec/api-process-spec.ts (#45927 )

2025-03-09 17:37:14 -05:00

api-protocol-spec.ts

fix: ensure corsEnabled: false protocol handlers do not work across protocols (40-x-y) (#51271 )

2026-04-23 16:29:12 -05:00

api-safe-storage-spec.ts

build: add import/order eslint rule (#44085 )

2024-10-02 19:10:44 -07:00

api-screen-spec.ts

build: add import/order eslint rule (#44085 )

2024-10-02 19:10:44 -07:00

api-service-worker-main-spec.ts

feat: ServiceWorkerMain.scriptURL (#45863 )

2025-03-14 21:00:13 -04:00

api-service-workers-spec.ts

feat: service worker preload scripts for improved extensions support (#44411 )

2025-01-31 09:32:45 -05:00

api-session-spec.ts

fix: propagate requesting frame through sync permission checks (#50719 )

2026-04-06 11:50:52 -04:00

api-shared-texture-spec.ts

chore: bump chromium to 144.0.7527.0 (40-x-y) (#49057 )

2025-11-24 16:59:42 -05:00

api-shell-spec.ts

fix: second argument to shell.writeShortcutLink is optional (#49501 )

2026-01-26 14:29:56 +01:00

api-subframe-spec.ts

chore: bump chromium to 140.0.7281.0 (main) (#47616 )

2025-07-14 13:42:37 -07:00

api-system-preferences-spec.ts

feat: Add getAccentColor on Linux (#48027 )

2025-10-21 14:26:30 -04:00

api-touch-bar-spec.ts

build: add import/order eslint rule (#44085 )

2024-10-02 19:10:44 -07:00

api-tray-spec.ts

feat: allow macOS tray to maintain position (#47838 )

2025-08-07 19:25:50 +02:00

api-utility-process-spec.ts

fix: correct utility process exit code on Windows (#50387 )

2026-03-19 18:48:40 -07:00

api-view-spec.ts

test: add view.getBounds|setBounds tests (#48962 )

2025-11-14 10:57:24 -05:00

api-web-contents-spec.ts

test: fix race in reentrant loadURL() ready-to-commit test (#51322 )

2026-04-26 12:30:06 -05:00

api-web-contents-view-spec.ts

fix: re-enable MacWebContentsOcclusion with embedder window fix (#50713 )

2026-04-06 10:14:32 -04:00

api-web-frame-main-spec.ts

chore: bump chromium to 143.0.7497.0 (main) (#48657 )

2025-10-28 11:17:29 -04:00

api-web-frame-spec.ts

chore: bump chromium to 140.0.7281.0 (main) (#47616 )

2025-07-14 13:42:37 -07:00

api-web-request-spec.ts

fix: validate header name and value in webRequest.onBeforeSendHeaders (#51364 )

2026-04-28 12:02:12 -05:00

api-web-utils-spec.ts

build: add import/order eslint rule (#44085 )

2024-10-02 19:10:44 -07:00

asar-integrity-spec.ts

build: add import/order eslint rule (#44085 )

2024-10-02 19:10:44 -07:00

asar-spec.ts

fix: return numeric blksize and blocks from asar fs.stat (#50875 )

2026-04-10 18:29:38 +02:00

autofill-spec.ts

fix: clamp autofill popup bounds to the requesting frame viewport (#50943 )

2026-04-11 11:08:51 -05:00

chromium-spec.ts

fix: nodeIntegrationInWorker not working in AudioWorklet (#51004 )

2026-04-21 16:16:24 +02:00

cpp-heap-spec.ts

test: add cppgc backed menu leak regression test (#50883 )

2026-04-10 21:06:00 +02:00

crash-spec.ts

fix: oob string read when parsing node_options (#46210 )

2025-03-25 19:33:10 +09:00

deprecate-spec.ts

build: add import/order eslint rule (#44085 )

2024-10-02 19:10:44 -07:00

disabled-tests.json

fix: ensure corsEnabled: false protocol handlers do not work across protocols (40-x-y) (#51271 )

2026-04-23 16:29:12 -05:00

esm-spec.ts

feat: dynamic ESM import in preload without context isolation (#48375 )

2025-10-08 10:44:09 +02:00

extensions-spec.ts

fix: scope extension tab-ID resolution to the calling BrowserContext (#50924 )

2026-04-11 13:42:52 -07:00

fuses-spec.ts

build: add import/order eslint rule (#44085 )

2024-10-02 19:10:44 -07:00

get-files.ts

chore: remove walkdir dev dependency (#42591 )

2024-06-21 10:31:10 -04:00

guest-window-manager-spec.ts

fix: restrict window.open features to allowlisted BrowserWindow options (#50947 )

2026-04-11 19:04:56 -07:00

index.js

fix: ensure corsEnabled: false protocol handlers do not work across protocols (40-x-y) (#51271 )

2026-04-23 16:29:12 -05:00

logging-spec.ts

fix: prevent log files being written to current directory on Windows (#44413 )

2025-05-02 16:27:29 -05:00

modules-spec.ts

fix: importing from electron/utility in ESM (#47998 )

2025-08-09 09:47:47 +02:00

node-spec.ts

feat: add support for --experimental-transform-types (#49883 )

2026-02-25 12:54:38 -05:00

package.json

test: remove split dependency (#49557 )

2026-01-28 22:11:08 +01:00

parse-features-string-spec.ts

fix: restrict window.open features to allowlisted BrowserWindow options (#50947 )

2026-04-11 19:04:56 -07:00

pipe-transport.ts

test: drop now-empty remote runner (#35343 )

2022-08-16 15:23:13 -04:00

process-binding-spec.ts

build: add import/order eslint rule (#44085 )

2024-10-02 19:10:44 -07:00

release-notes-spec.ts

build: drop dugite as a dependency (#49204 )

2025-12-15 14:40:56 -05:00

security-warnings-spec.ts

feat: expose frame & move properties to console-message event object (#43617 )

2024-10-18 16:07:06 -04:00

spellchecker-spec.ts

chore: bump chromium to 144.0.7527.0 (40-x-y) (#49057 )

2025-11-24 16:59:42 -05:00

types-spec.ts

chore: update node types version (#36924 )

2023-01-18 14:46:27 +01:00

version-bump-spec.ts

build: drop dugite as a dependency (#49204 )

2025-12-15 14:40:56 -05:00

visibility-state-spec.ts

build: use github actions for windows (#44136 )

2024-12-12 11:51:24 -05:00

webview-spec.ts

test: rerun failed tests individually (#48205 )

2025-09-24 13:35:14 -07:00