Pchen0/electron @ 20-x-y

Branch: 20-x-y

1-3-x

1-4-x

1-5-x

1-6-x

1-7-x

1-8-x

10-x-y

11-x-y

12-x-y

13-x-y

14-x-y

15-x-y

16-x-y

17-x-y

18-x-y

19-x-y

2-0-x

2-1-x

20-x-y

21-x-y

22-x-y

23-x-y

24-x-y

25-x-y

26-x-y

27-x-y

28-x-y

29-x-y

3-0-x

3-1-x

30-x-y

31-x-y

32-x-y

33-x-y

34-x-y

35-x-y

36-x-y

4-0-x

4-1-x

4-2-x

5-0-x

6-0-x

6-1-x

7-0-x

7-1-x

7-2-x

7-3-x

8-x-y

9-x-y

actions-mac-test

alice-fix-open-external-bug

alice-prototype-same-site

alice-remove-import

appveyor-node2017-bake

better-console-message

build/preserve-patch-line-endings

build/remove-fs-extra-devdep--31-x-y

bump-appveyor-image

bump-appveyor-image-node-18

check-mnt

cherry-pick/33-x-y/chromium/df77f100c3c2

cherry-pick/33-x-y/v8/20d9a7f760c0

cherry-pick/33-x-y/v8/3fdedec45691

cherry-pick/main/chromium/013961609785

cherry-pick/security/29-x-y/release-1-m121

cherry-pick/security/30-x-y/2-m127-to-2-m129

cherry-pick/security/30-x-y/2-m129

cherry-pick/security/32-x-y/3-m126

cherry-pick/security/33-x-y/3-m129

chore/add-domain-is-check

chore/comment-out-unused-arg-names

chore/eslint-code-blocks

chore/prefer-as-const

chromium-lts-31-x-y

circle-windows

clavin/remove-unused-spellcheck-srcs

clavin/smooth-corner-rounding

close-windows-harder

codesign-fix

confirm-bg-color-corruption

custom-error-pages

dd-tests

delete-src-artifacts-when-done

dependabot/github_actions/main/actions/setup-node-4.3.0

dependabot/npm_and_yarn/main/eslint-plugin-unicorn-56.0.1

dependabot/npm_and_yarn/main/markdownlint-cli2-0.17.2

dip-screen-rect-linux

display_id-to-displayId

docs/deprecate-null-session

docs/win-asar

dsanders11/test-mdx-docs

enable-read-write-svg

enable-report-specs

eslint-code-blocks-test

esm-loading-pkg-json

feat/enable-extension

feat/frame-copy-image

feat/gamescope-overlay

feat/resync-default-font-list

feat/toggle-extensions

fix-browser-view-drag-remove

fix-drag-drop-crash

fix-ensure-win-close

fix-frameless-frame

fix-ipc-race-2

fix-lint

fix-message-port-crash

fix-message-port-serialize-issue

fix-same-party-cookie-patch

fix-service-worker-registration-24

fix-setbg-wcv

fix-user-agent

fix-util-proc-crash

fix-visibilitystate-webview

fix/Wunsafe-buffer-usage-warning

fix/actionable-submenu-accels

fix/capture-window-on-top

fix/ipc-callback-crash

fix/webrequest-checks

fixup-win-release-checkout

flake-fix

fps-patch

get-recent-documents

get-resource-usage

gh-actions-fixup-publish

gh-actions-mac-publish

gh-actions-publish-both-question-mark

gh-actions-publish-linux

gh-actions-split-publish-jobs

gh-macos-publish

gha

gha-lin-test

gxu-add-handlers

gxu-frame-eviction-patch

hardfalcon-26-x-y_simdutf-3.2.9

legacymainresolvefix

lf-patch-test

line-numbers-wildcard

m1-tests-x64

m1-x64

main

miniak/browser-view-apis

miniak/deprecate-event-sender

miniak/document-idle

miniak/drop-macos-10.13-10.14-support

miniak/frozen-intrinsics

miniak/get-user-default-from-suite

miniak/gpu-info-update

miniak/ipc-renderer-internal

miniak/listen-url-slash

miniak/prefer-switch

miniak/set-window-open-handler-features

miniak/unicorn-prefer

mp-33-x-y-appveyor-node-20-17

net-no-response-error

no-onwindowshow

node-20.17-appveyor

pdf-tests

perf/avoid-double-map-lookup-in-ElectronComponentExtensionResourceManager

perf/avoid-double-map-lookup-in-WebContents.DevToolsIndexPath()

perf/avoid-double-map-lookup-in-WebFrameMain-ctor

perf/avoid-map-temporaries-in-IsDevToolsFileSystemAdded

perf/avoid-redundant-map-lookup-when-creating-ElectronBrowserContext

perf/avoid-redundant-map-lookups-in-GlobalShortcut

perf/use-NewFromUtf8Literal-for-literals

perf/use-v8-eternal-for-immortal-globals

permission-v2

ppontes/restore-force-lf-for-patches

ppontes/restore-force-lf-for-patches-split

pr/31571

printing-rework

qpt

re-add-occluded

re-enable-thin-lto

re-enable-thin-lto-node-22

refactor/UvTaskRunner

refactor/aggregate-RootView-main_view_

refactor/avoid-deprecated-WIDGET_OWNS_NATIVE_WIDGET

refactor/extension-registrar

refactor/gin-span

refactor/migrate-to-crypto-hash

refactor/prefer-span-over-node-buffer-api

refactor/put-empty-virtual-function-definitions-in-header

refactor/reduce-use-of-AdaptCallbackForRepeating

refactor/remove-unnecessary-template-type-in-EmitEvent()

replace-browserview-merge-check

replace-browserview-update

req-origin-ses

resource-allowlist

restore-window-state

revert-44516-doc/fix-apostrophe-typos

revert-destroy-url-loader-wrapper

revert-domainis-refactor

revert-dxDiagNodeData

revert-wayland-generic-capturer

robo/add_wpt_testing

robo/enable_spare_renderer

robo/support_url_property_fetch_response

roll-mantle

roller/chromium/36-x-y

roller/chromium/main

roller/node/34-x-y

roller/orb/continuousauth/npm/main

roller/orb/electronjs/node/main

same-party-patch

sckp

sckp-chrome-upstream

sckp-k

sckp-macos15

security/29-x-y/0-m126

security/29-x-y/2-m124

single-check

slow-same-party-revert

spike-storage-access-api

split-ipc-renderer

support-dip-screen-conversion-linux

support-system-context-menu-linux

switch-check

tabs-onupdated

test-bake-image

test-macos

test-menu-accelerators

test-mksnapshot-compile

test-patch-lf

test-patch-roll

test/native-click

test/osr-colors

testing-nan-patch

thumb-cap

timeout-never-click-fix

trop/29-x-y-bp-fix-wco-maximize-button-visibility-when-non-maximizable-1712824186798

trop/30-x-y-bp-fix-wco-maximize-button-visibility-when-non-maximizable-1712824180841

trop/31-x-y-bp-build-remove-appveyor-bake-1739909097137

trop/32-x-y-bp-build-remove-appveyor-bake-1739909098763

trop/32-x-y-bp-chore-add-process-memory-limit-details-in-parition_alloc-oom-handler-1730720959588

trop/33-x-y-bp-build-remove-appveyor-bake-1739909100722

trop/33-x-y-bp-fix-destroy-url-loader-wrapper-when-js-env-exits-1732033976533

trop/34-x-y-bp-build-remove-appveyor-bake-1739909097719

trop/34-x-y-bp-fix-webcontents-printtopdf-with-cross-process-subframes-1742908615986

trop/34-x-y-bp-perf-don-t-wait-for-thumbnails-if-they-were-not-requested-on-macos-1742901653464

trop/35-x-y-bp-build-fixup-release-builds-1742842528613

trop/35-x-y-bp-fix-oob-string-read-when-parsing-node_options-1742898799929

trop/35-x-y-bp-fix-webcontents-printtopdf-with-cross-process-subframes-1742908615377

trop/35-x-y-bp-refactor-add-electronbrowsercontext-getdefaultbrowsercontext--1742219011551

trop/36-x-y-bp-fix-webcontents-printtopdf-with-cross-process-subframes-1742908616946

trop/36-x-y-bp-perf-don-t-wait-for-thumbnails-if-they-were-not-requested-on-macos-1742901658374

try-fix-applescript

try-remove-embedder-exception-patch--34-x-y

try-remove-timeout

use-custom-upterm-server

utility-process-wrapper-check

wayland-roll-tests

wfm-cross-origin

win-cross

windows-runner-2

windows-runner-big

writing-tools

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297

/**
 * Create and minimally track guest windows at the direction of the renderer
 * (via window.open). Here, "guest" roughly means "child" — it's not necessarily
 * emblematic of its process status; both in-process (same-origin) and
 * out-of-process (cross-origin) are created here. "Embedder" roughly means
 * "parent."
 */
import { BrowserWindow, deprecate } from 'electron/main';
import type { BrowserWindowConstructorOptions, Referrer, WebContents, LoadURLOptions } from 'electron/main';
import { parseFeatures } from '@electron/internal/browser/parse-features-string';

type PostData = LoadURLOptions['postData']
export type WindowOpenArgs = {
  url: string,
  frameName: string,
  features: string,
}

const frameNamesToWindow = new Map<string, BrowserWindow>();
const registerFrameNameToGuestWindow = (name: string, win: BrowserWindow) => frameNamesToWindow.set(name, win);
const unregisterFrameName = (name: string) => frameNamesToWindow.delete(name);
const getGuestWindowByFrameName = (name: string) => frameNamesToWindow.get(name);

/**
 * `openGuestWindow` is called to create and setup event handling for the new
 * window.
 *
 * Until its removal in 12.0.0, the `new-window` event is fired, allowing the
 * user to preventDefault() on the passed event (which ends up calling
 * DestroyWebContents).
 */
export function openGuestWindow ({ event, embedder, guest, referrer, disposition, postData, overrideBrowserWindowOptions, windowOpenArgs, outlivesOpener }: {
  event: { sender: WebContents, defaultPrevented: boolean },
  embedder: WebContents,
  guest?: WebContents,
  referrer: Referrer,
  disposition: string,
  postData?: PostData,
  overrideBrowserWindowOptions?: BrowserWindowConstructorOptions,
  windowOpenArgs: WindowOpenArgs,
  outlivesOpener: boolean,
}): BrowserWindow | undefined {
  const { url, frameName, features } = windowOpenArgs;
  const browserWindowOptions = makeBrowserWindowOptions({
    embedder,
    features,
    overrideOptions: overrideBrowserWindowOptions
  });

  const didCancelEvent = emitDeprecatedNewWindowEvent({
    event,
    embedder,
    guest,
    browserWindowOptions,
    windowOpenArgs,
    disposition,
    postData,
    referrer
  });
  if (didCancelEvent) return;

  // To spec, subsequent window.open calls with the same frame name (`target` in
  // spec parlance) will reuse the previous window.
  // https://html.spec.whatwg.org/multipage/window-object.html#apis-for-creating-and-navigating-browsing-contexts-by-name
  const existingWindow = getGuestWindowByFrameName(frameName);
  if (existingWindow) {
    if (existingWindow.isDestroyed() || existingWindow.webContents.isDestroyed()) {
      // FIXME(t57ser): The webContents is destroyed for some reason, unregister the frame name
      unregisterFrameName(frameName);
    } else {
      existingWindow.loadURL(url);
      return existingWindow;
    }
  }

  const window = new BrowserWindow({
    webContents: guest,
    ...browserWindowOptions
  });

  if (!guest) {
    // When we open a new window from a link (via OpenURLFromTab),
    // the browser process is responsible for initiating navigation
    // in the new window.
    window.loadURL(url, {
      httpReferrer: referrer,
      ...(postData && {
        postData,
        extraHeaders: formatPostDataHeaders(postData as Electron.UploadRawData[])
      })
    });
  }

  handleWindowLifecycleEvents({ embedder, frameName, guest: window, outlivesOpener });

  embedder.emit('did-create-window', window, { url, frameName, options: browserWindowOptions, disposition, referrer, postData });

  return window;
}

/**
 * Manage the relationship between embedder window and guest window. When the
 * guest is destroyed, notify the embedder. When the embedder is destroyed, so
 * too is the guest destroyed; this is Electron convention and isn't based in
 * browser behavior.
 */
const handleWindowLifecycleEvents = function ({ embedder, guest, frameName, outlivesOpener }: {
  embedder: WebContents,
  guest: BrowserWindow,
  frameName: string,
  outlivesOpener: boolean
}) {
  const closedByEmbedder = function () {
    guest.removeListener('closed', closedByUser);
    guest.destroy();
  };

  const closedByUser = function () {
    // Embedder might have been closed
    if (!embedder.isDestroyed() && !outlivesOpener) {
      embedder.removeListener('current-render-view-deleted' as any, closedByEmbedder);
    }
  };
  if (!outlivesOpener) {
    embedder.once('current-render-view-deleted' as any, closedByEmbedder);
  }
  guest.once('closed', closedByUser);

  if (frameName) {
    registerFrameNameToGuestWindow(frameName, guest);
    guest.once('closed', function () {
      unregisterFrameName(frameName);
    });
  }
};

/**
 * Deprecated in favor of `webContents.setWindowOpenHandler` and
 * `did-create-window` in 11.0.0. Will be removed in 12.0.0.
 */
function emitDeprecatedNewWindowEvent ({ event, embedder, guest, windowOpenArgs, browserWindowOptions, disposition, referrer, postData }: {
  event: { sender: WebContents, defaultPrevented: boolean, newGuest?: BrowserWindow },
  embedder: WebContents,
  guest?: WebContents,
  windowOpenArgs: WindowOpenArgs,
  browserWindowOptions: BrowserWindowConstructorOptions,
  disposition: string,
  referrer: Referrer,
  postData?: PostData,
}): boolean {
  const { url, frameName } = windowOpenArgs;
  const isWebViewWithPopupsDisabled = embedder.getType() === 'webview' && embedder.getLastWebPreferences()!.disablePopups;
  const postBody = postData ? {
    data: postData,
    ...parseContentTypeFormat(postData)
  } : null;

  if (embedder.listenerCount('new-window') > 0) {
    deprecate.log('The new-window event is deprecated and will be removed. Please use contents.setWindowOpenHandler() instead.');
  }

  embedder.emit(
    'new-window',
    event,
    url,
    frameName,
    disposition,
    {
      ...browserWindowOptions,
      webContents: guest
    },
    [], // additionalFeatures
    referrer,
    postBody
  );

  const { newGuest } = event;
  if (isWebViewWithPopupsDisabled) return true;
  if (event.defaultPrevented) {
    if (newGuest) {
      if (guest === newGuest.webContents) {
        // The webContents is not changed, so set defaultPrevented to false to
        // stop the callers of this event from destroying the webContents.
        event.defaultPrevented = false;
      }

      handleWindowLifecycleEvents({
        embedder: event.sender,
        guest: newGuest,
        frameName,
        outlivesOpener: false
      });
    }
    return true;
  }
  return false;
}

// Security options that child windows will always inherit from parent windows
const securityWebPreferences: { [key: string]: boolean } = {
  contextIsolation: true,
  javascript: false,
  nodeIntegration: false,
  sandbox: true,
  webviewTag: false,
  nodeIntegrationInSubFrames: false,
  enableWebSQL: false
};

function makeBrowserWindowOptions ({ embedder, features, overrideOptions }: {
  embedder: WebContents,
  features: string,
  overrideOptions?: BrowserWindowConstructorOptions,
}) {
  const { options: parsedOptions, webPreferences: parsedWebPreferences } = parseFeatures(features);

  return {
    show: true,
    width: 800,
    height: 600,
    ...parsedOptions,
    ...overrideOptions,
    // Note that for normal code path an existing WebContents created by
    // Chromium will be used, with web preferences parsed in the
    // |-will-add-new-contents| event.
    // The |webPreferences| here is only used by the |new-window| event.
    webPreferences: makeWebPreferences({
      embedder,
      insecureParsedWebPreferences: parsedWebPreferences,
      secureOverrideWebPreferences: overrideOptions && overrideOptions.webPreferences
    })
  } as Electron.BrowserViewConstructorOptions;
}

export function makeWebPreferences ({ embedder, secureOverrideWebPreferences = {}, insecureParsedWebPreferences: parsedWebPreferences = {} }: {
  embedder: WebContents,
  insecureParsedWebPreferences?: ReturnType<typeof parseFeatures>['webPreferences'],
  // Note that override preferences are considered elevated, and should only be
  // sourced from the main process, as they override security defaults. If you
  // have unvetted prefs, use parsedWebPreferences.
  secureOverrideWebPreferences?: BrowserWindowConstructorOptions['webPreferences'],
}) {
  const parentWebPreferences = embedder.getLastWebPreferences()!;
  const securityWebPreferencesFromParent = (Object.keys(securityWebPreferences).reduce((map, key) => {
    if (securityWebPreferences[key] === parentWebPreferences[key as keyof Electron.WebPreferences]) {
      (map as any)[key] = parentWebPreferences[key as keyof Electron.WebPreferences];
    }
    return map;
  }, {} as Electron.WebPreferences));

  return {
    ...parsedWebPreferences,
    // Note that order is key here, we want to disallow the renderer's
    // ability to change important security options but allow main (via
    // setWindowOpenHandler) to change them.
    ...securityWebPreferencesFromParent,
    ...secureOverrideWebPreferences
  };
}

function formatPostDataHeaders (postData: PostData) {
  if (!postData) return;

  const { contentType, boundary } = parseContentTypeFormat(postData);
  if (boundary != null) { return `content-type: ${contentType}; boundary=${boundary}`; }

  return `content-type: ${contentType}`;
}

const MULTIPART_CONTENT_TYPE = 'multipart/form-data';
const URL_ENCODED_CONTENT_TYPE = 'application/x-www-form-urlencoded';

// Figure out appropriate headers for post data.
export const parseContentTypeFormat = function (postData: Exclude<PostData, undefined>) {
  if (postData.length) {
    if (postData[0].type === 'rawData') {
      // For multipart forms, the first element will start with the boundary
      // notice, which looks something like `------WebKitFormBoundary12345678`
      // Note, this regex would fail when submitting a urlencoded form with an
      // input attribute of name="--theKey", but, uhh, don't do that?
      const postDataFront = postData[0].bytes.toString();
      const boundary = /^--.*[^-\r\n]/.exec(postDataFront);
      if (boundary) {
        return {
          boundary: boundary[0].substr(2),
          contentType: MULTIPART_CONTENT_TYPE
        };
      }
    }
  }
  // Either the form submission didn't contain any inputs (the postData array
  // was empty), or we couldn't find the boundary and thus we can assume this is
  // a key=value style form.
  return {
    contentType: URL_ENCODED_CONTENT_TYPE
  };
};

guest-window-manager.ts 10 KB Permalink History Raw

guest-window-manager.ts 10 KB

Permalink History Raw