Pchen0/electron @ 7-0-x

Branch: 7-0-x

1-3-x

1-4-x

1-5-x

1-6-x

1-7-x

1-8-x

10-x-y

11-x-y

12-x-y

13-x-y

14-x-y

15-x-y

16-x-y

17-x-y

18-x-y

19-x-y

2-0-x

2-1-x

20-x-y

21-x-y

22-x-y

23-x-y

24-x-y

25-x-y

26-x-y

27-x-y

28-x-y

29-x-y

3-0-x

3-1-x

30-x-y

31-x-y

32-x-y

33-x-y

34-x-y

35-x-y

36-x-y

4-0-x

4-1-x

4-2-x

5-0-x

6-0-x

6-1-x

7-0-x

7-1-x

7-2-x

7-3-x

8-x-y

9-x-y

actions-mac-test

alice-fix-open-external-bug

alice-prototype-same-site

alice-remove-import

appveyor-node2017-bake

better-console-message

build/preserve-patch-line-endings

build/remove-fs-extra-devdep--31-x-y

bump-appveyor-image

bump-appveyor-image-node-18

check-mnt

cherry-pick/33-x-y/chromium/df77f100c3c2

cherry-pick/33-x-y/v8/20d9a7f760c0

cherry-pick/33-x-y/v8/3fdedec45691

cherry-pick/main/chromium/013961609785

cherry-pick/security/29-x-y/release-1-m121

cherry-pick/security/30-x-y/2-m127-to-2-m129

cherry-pick/security/30-x-y/2-m129

cherry-pick/security/32-x-y/3-m126

cherry-pick/security/33-x-y/3-m129

chore/add-domain-is-check

chore/comment-out-unused-arg-names

chore/eslint-code-blocks

chore/prefer-as-const

chromium-lts-31-x-y

circle-windows

clavin/remove-unused-spellcheck-srcs

clavin/smooth-corner-rounding

close-windows-harder

codesign-fix

confirm-bg-color-corruption

custom-error-pages

dd-tests

delete-src-artifacts-when-done

dependabot/github_actions/main/actions/setup-node-4.3.0

dependabot/npm_and_yarn/main/eslint-plugin-unicorn-56.0.1

dependabot/npm_and_yarn/main/markdownlint-cli2-0.17.2

dip-screen-rect-linux

display_id-to-displayId

docs/deprecate-null-session

docs/win-asar

dsanders11/test-mdx-docs

enable-read-write-svg

enable-report-specs

eslint-code-blocks-test

esm-loading-pkg-json

feat/enable-extension

feat/frame-copy-image

feat/gamescope-overlay

feat/resync-default-font-list

feat/toggle-extensions

fix-browser-view-drag-remove

fix-drag-drop-crash

fix-ensure-win-close

fix-frameless-frame

fix-ipc-race-2

fix-lint

fix-message-port-crash

fix-message-port-serialize-issue

fix-same-party-cookie-patch

fix-service-worker-registration-24

fix-setbg-wcv

fix-user-agent

fix-util-proc-crash

fix-visibilitystate-webview

fix/Wunsafe-buffer-usage-warning

fix/actionable-submenu-accels

fix/capture-window-on-top

fix/ipc-callback-crash

fix/webrequest-checks

fixup-win-release-checkout

flake-fix

fps-patch

get-recent-documents

get-resource-usage

gh-actions-fixup-publish

gh-actions-mac-publish

gh-actions-publish-both-question-mark

gh-actions-publish-linux

gh-actions-split-publish-jobs

gh-macos-publish

gha

gha-lin-test

gxu-add-handlers

gxu-frame-eviction-patch

hardfalcon-26-x-y_simdutf-3.2.9

legacymainresolvefix

lf-patch-test

line-numbers-wildcard

m1-tests-x64

m1-x64

main

miniak/browser-view-apis

miniak/deprecate-event-sender

miniak/document-idle

miniak/drop-macos-10.13-10.14-support

miniak/frozen-intrinsics

miniak/get-user-default-from-suite

miniak/gpu-info-update

miniak/ipc-renderer-internal

miniak/listen-url-slash

miniak/prefer-switch

miniak/set-window-open-handler-features

miniak/unicorn-prefer

mp-33-x-y-appveyor-node-20-17

net-no-response-error

no-onwindowshow

node-20.17-appveyor

pdf-tests

perf/avoid-double-map-lookup-in-ElectronComponentExtensionResourceManager

perf/avoid-double-map-lookup-in-WebContents.DevToolsIndexPath()

perf/avoid-double-map-lookup-in-WebFrameMain-ctor

perf/avoid-map-temporaries-in-IsDevToolsFileSystemAdded

perf/avoid-redundant-map-lookup-when-creating-ElectronBrowserContext

perf/avoid-redundant-map-lookups-in-GlobalShortcut

perf/use-NewFromUtf8Literal-for-literals

perf/use-v8-eternal-for-immortal-globals

permission-v2

ppontes/restore-force-lf-for-patches

ppontes/restore-force-lf-for-patches-split

pr/31571

printing-rework

qpt

re-add-occluded

re-enable-thin-lto

re-enable-thin-lto-node-22

refactor/UvTaskRunner

refactor/aggregate-RootView-main_view_

refactor/avoid-deprecated-WIDGET_OWNS_NATIVE_WIDGET

refactor/extension-registrar

refactor/gin-span

refactor/migrate-to-crypto-hash

refactor/prefer-span-over-node-buffer-api

refactor/put-empty-virtual-function-definitions-in-header

refactor/reduce-use-of-AdaptCallbackForRepeating

refactor/remove-unnecessary-template-type-in-EmitEvent()

replace-browserview-merge-check

replace-browserview-update

req-origin-ses

resource-allowlist

restore-window-state

revert-44516-doc/fix-apostrophe-typos

revert-destroy-url-loader-wrapper

revert-domainis-refactor

revert-dxDiagNodeData

revert-wayland-generic-capturer

robo/add_wpt_testing

robo/enable_spare_renderer

robo/support_url_property_fetch_response

roll-mantle

roller/chromium/36-x-y

roller/chromium/main

roller/node/34-x-y

roller/orb/continuousauth/npm/main

roller/orb/electronjs/node/main

same-party-patch

sckp

sckp-chrome-upstream

sckp-k

sckp-macos15

security/29-x-y/0-m126

security/29-x-y/2-m124

single-check

slow-same-party-revert

spike-storage-access-api

split-ipc-renderer

support-dip-screen-conversion-linux

support-system-context-menu-linux

switch-check

tabs-onupdated

test-bake-image

test-macos

test-menu-accelerators

test-mksnapshot-compile

test-patch-lf

test-patch-roll

test/native-click

test/osr-colors

testing-nan-patch

thumb-cap

timeout-never-click-fix

trop/29-x-y-bp-fix-wco-maximize-button-visibility-when-non-maximizable-1712824186798

trop/30-x-y-bp-fix-wco-maximize-button-visibility-when-non-maximizable-1712824180841

trop/31-x-y-bp-build-remove-appveyor-bake-1739909097137

trop/32-x-y-bp-build-remove-appveyor-bake-1739909098763

trop/32-x-y-bp-chore-add-process-memory-limit-details-in-parition_alloc-oom-handler-1730720959588

trop/33-x-y-bp-build-remove-appveyor-bake-1739909100722

trop/33-x-y-bp-fix-destroy-url-loader-wrapper-when-js-env-exits-1732033976533

trop/34-x-y-bp-build-remove-appveyor-bake-1739909097719

trop/34-x-y-bp-fix-webcontents-printtopdf-with-cross-process-subframes-1742908615986

trop/34-x-y-bp-perf-don-t-wait-for-thumbnails-if-they-were-not-requested-on-macos-1742901653464

trop/35-x-y-bp-build-fixup-release-builds-1742842528613

trop/35-x-y-bp-fix-oob-string-read-when-parsing-node_options-1742898799929

trop/35-x-y-bp-fix-webcontents-printtopdf-with-cross-process-subframes-1742908615377

trop/35-x-y-bp-refactor-add-electronbrowsercontext-getdefaultbrowsercontext--1742219011551

trop/36-x-y-bp-fix-webcontents-printtopdf-with-cross-process-subframes-1742908616946

trop/36-x-y-bp-perf-don-t-wait-for-thumbnails-if-they-were-not-requested-on-macos-1742901658374

try-fix-applescript

try-remove-embedder-exception-patch--34-x-y

try-remove-timeout

use-custom-upterm-server

utility-process-wrapper-check

wayland-roll-tests

wfm-cross-origin

win-cross

windows-runner-2

windows-runner-big

writing-tools

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267

const { expect } = require('chai')
const { remote } = require('electron')
const path = require('path')
const http = require('http')

const { emittedNTimes, emittedOnce } = require('./events-helpers')
const { closeWindow } = require('./window-helpers')

const { app, BrowserWindow, ipcMain } = remote

describe('renderer nodeIntegrationInSubFrames', () => {
  const generateTests = (description, webPreferences) => {
    describe(description, () => {
      const fixtureSuffix = webPreferences.webviewTag ? '-webview' : ''
      let w

      beforeEach(async () => {
        await closeWindow(w)
        w = new BrowserWindow({
          show: false,
          width: 400,
          height: 400,
          webPreferences
        })
      })

      afterEach(() => {
        return closeWindow(w).then(() => {
          w = null
        })
      })

      it('should load preload scripts in top level iframes', async () => {
        const detailsPromise = emittedNTimes(ipcMain, 'preload-ran', 2)
        w.loadFile(path.resolve(__dirname, `fixtures/sub-frames/frame-container${fixtureSuffix}.html`))
        const [event1, event2] = await detailsPromise
        expect(event1[0].frameId).to.not.equal(event2[0].frameId)
        expect(event1[0].frameId).to.equal(event1[2])
        expect(event2[0].frameId).to.equal(event2[2])
      })

      it('should load preload scripts in nested iframes', async () => {
        const detailsPromise = emittedNTimes(ipcMain, 'preload-ran', 3)
        w.loadFile(path.resolve(__dirname, `fixtures/sub-frames/frame-with-frame-container${fixtureSuffix}.html`))
        const [event1, event2, event3] = await detailsPromise
        expect(event1[0].frameId).to.not.equal(event2[0].frameId)
        expect(event1[0].frameId).to.not.equal(event3[0].frameId)
        expect(event2[0].frameId).to.not.equal(event3[0].frameId)
        expect(event1[0].frameId).to.equal(event1[2])
        expect(event2[0].frameId).to.equal(event2[2])
        expect(event3[0].frameId).to.equal(event3[2])
      })

      it('should correctly reply to the main frame with using event.reply', async () => {
        const detailsPromise = emittedNTimes(ipcMain, 'preload-ran', 2)
        w.loadFile(path.resolve(__dirname, `fixtures/sub-frames/frame-container${fixtureSuffix}.html`))
        const [event1] = await detailsPromise
        const pongPromise = emittedOnce(ipcMain, 'preload-pong')
        event1[0].reply('preload-ping')
        const details = await pongPromise
        expect(details[1]).to.equal(event1[0].frameId)
      })

      it('should correctly reply to the sub-frames with using event.reply', async () => {
        const detailsPromise = emittedNTimes(ipcMain, 'preload-ran', 2)
        w.loadFile(path.resolve(__dirname, `fixtures/sub-frames/frame-container${fixtureSuffix}.html`))
        const [, event2] = await detailsPromise
        const pongPromise = emittedOnce(ipcMain, 'preload-pong')
        event2[0].reply('preload-ping')
        const details = await pongPromise
        expect(details[1]).to.equal(event2[0].frameId)
      })

      it('should correctly reply to the nested sub-frames with using event.reply', async () => {
        const detailsPromise = emittedNTimes(ipcMain, 'preload-ran', 3)
        w.loadFile(path.resolve(__dirname, `fixtures/sub-frames/frame-with-frame-container${fixtureSuffix}.html`))
        const [, , event3] = await detailsPromise
        const pongPromise = emittedOnce(ipcMain, 'preload-pong')
        event3[0].reply('preload-ping')
        const details = await pongPromise
        expect(details[1]).to.equal(event3[0].frameId)
      })

      it('should not expose globals in main world', async () => {
        const detailsPromise = emittedNTimes(ipcMain, 'preload-ran', 2)
        w.loadFile(path.resolve(__dirname, `fixtures/sub-frames/frame-container${fixtureSuffix}.html`))
        const details = await detailsPromise
        const senders = details.map(event => event[0].sender)
        await new Promise(async resolve => {
          let resultCount = 0
          senders.forEach(async sender => {
            const result = await sender.webContents.executeJavaScript('window.isolatedGlobal')
            if (webPreferences.contextIsolation) {
              expect(result).to.be.null()
            } else {
              expect(result).to.equal(true)
            }
            resultCount++
            if (resultCount === senders.length) resolve()
          })
        })
      })
    })
  }

  const generateConfigs = (webPreferences, ...permutations) => {
    const configs = [{ webPreferences, names: [] }]
    for (let i = 0; i < permutations.length; i++) {
      const length = configs.length
      for (let j = 0; j < length; j++) {
        const newConfig = Object.assign({}, configs[j])
        newConfig.webPreferences = Object.assign({},
          newConfig.webPreferences, permutations[i].webPreferences)
        newConfig.names = newConfig.names.slice(0)
        newConfig.names.push(permutations[i].name)
        configs.push(newConfig)
      }
    }

    return configs.map(config => {
      if (config.names.length > 0) {
        config.title = `with ${config.names.join(', ')} on`
      } else {
        config.title = `without anything special turned on`
      }
      delete config.names

      return config
    })
  }

  generateConfigs(
    {
      preload: path.resolve(__dirname, 'fixtures/sub-frames/preload.js'),
      nodeIntegrationInSubFrames: true
    },
    {
      name: 'sandbox',
      webPreferences: { sandbox: true }
    },
    {
      name: 'context isolation',
      webPreferences: { contextIsolation: true }
    },
    {
      name: 'webview',
      webPreferences: { webviewTag: true, preload: false }
    }
  ).forEach(config => {
    generateTests(config.title, config.webPreferences)
  })

  describe('internal <iframe> inside of <webview>', () => {
    let w

    beforeEach(async () => {
      await closeWindow(w)
      w = new BrowserWindow({
        show: false,
        width: 400,
        height: 400,
        webPreferences: {
          preload: path.resolve(__dirname, 'fixtures/sub-frames/webview-iframe-preload.js'),
          nodeIntegrationInSubFrames: true,
          webviewTag: true
        }
      })
    })

    afterEach(() => {
      return closeWindow(w).then(() => {
        w = null
      })
    })

    it('should not load preload scripts', async () => {
      const promisePass = emittedOnce(ipcMain, 'webview-loaded')
      const promiseFail = emittedOnce(ipcMain, 'preload-in-frame').then(() => {
        throw new Error('preload loaded in internal frame')
      })
      await w.loadURL('about:blank')
      return Promise.race([promisePass, promiseFail])
    })
  })
})

describe('cross-site frame sandboxing', () => {
  let server = null

  beforeEach(function () {
    if (process.platform === 'linux') {
      this.skip()
    }
  })

  before(function (done) {
    server = http.createServer((req, res) => {
      res.end(`<iframe name="frame" src="${server.cross_site_url}" />`)
    })
    server.listen(0, '127.0.0.1', () => {
      server.url = `http://127.0.0.1:${server.address().port}/`
      server.cross_site_url = `http://localhost:${server.address().port}/`
      done()
    })
  })

  after(() => {
    server.close()
    server = null
  })

  let w

  afterEach(() => {
    return closeWindow(w).then(() => {
      w = null
    })
  })

  const generateSpecs = (description, webPreferences) => {
    describe(description, () => {
      it('iframe process is sandboxed if possible', async () => {
        w = new BrowserWindow({
          show: false,
          webPreferences
        })

        await w.loadURL(server.url)

        const pidMain = w.webContents.getOSProcessId()
        const pidFrame = w.webContents._getOSProcessIdForFrame('frame', server.cross_site_url)

        const metrics = app.getAppMetrics()
        const isProcessSandboxed = function (pid) {
          const entry = metrics.filter(metric => metric.pid === pid)[0]
          return entry && entry.sandboxed
        }

        const sandboxMain = !!(webPreferences.sandbox || process.mas)
        const sandboxFrame = sandboxMain || !webPreferences.nodeIntegrationInSubFrames

        expect(isProcessSandboxed(pidMain)).to.equal(sandboxMain)
        expect(isProcessSandboxed(pidFrame)).to.equal(sandboxFrame)
      })
    })
  }

  generateSpecs('nodeIntegrationInSubFrames = false, sandbox = false', {
    nodeIntegrationInSubFrames: false,
    sandbox: false
  })

  generateSpecs('nodeIntegrationInSubFrames = false, sandbox = true', {
    nodeIntegrationInSubFrames: false,
    sandbox: true
  })

  generateSpecs('nodeIntegrationInSubFrames = true, sandbox = false', {
    nodeIntegrationInSubFrames: true,
    sandbox: false
  })

  generateSpecs('nodeIntegrationInSubFrames = true, sandbox = true', {
    nodeIntegrationInSubFrames: true,
    sandbox: true
  })
})

api-subframe-spec.js 8.7 KB Permalink History Raw

api-subframe-spec.js 8.7 KB

Permalink History Raw