зеркало из https://github.com/electron/electron.git
fix: sanitize params for 'context-menu' event sent over IPC for webview
This commit is contained in:
Milan Burda
Родитель
3b2c46dfd6
Коммит
7fee455138
|
|
@ -21,13 +21,6 @@ const supportedWebViewEvents = Object.keys(webViewEvents);
|
|||
const guestInstances = new Map<number, GuestInstance>();
|
||||
const embedderElementsMap = new Map<string, number>();
|
||||
|
||||
function sanitizeOptionsForGuest (options: Record<string, any>) {
|
||||
const ret = { ...options };
|
||||
// WebContents values can't be sent over IPC.
|
||||
delete ret.webContents;
|
||||
return ret;
|
||||
}
|
||||
|
||||
function makeWebPreferences (embedder: Electron.WebContents, params: Record<string, any>) {
|
||||
// parse the 'webpreferences' attribute string, if set
|
||||
// this uses the same parsing rules as window.open uses for its features
|
||||
|
|
@ -138,7 +131,12 @@ const createGuest = function (embedder: Electron.WebContents, embedderFrameId: n
|
|||
const makeProps = (eventKey: string, args: any[]) => {
|
||||
const props: Record<string, any> = {};
|
||||
webViewEvents[eventKey].forEach((prop, index) => {
|
||||
props[prop] = args[index];
|
||||
if (Array.isArray(prop)) {
|
||||
const [name, sanitizer] = prop;
|
||||
props[name] = sanitizer(args[index]);
|
||||
} else {
|
||||
props[prop as string] = args[index];
|
||||
}
|
||||
});
|
||||
return props;
|
||||
};
|
||||
|
|
@ -150,15 +148,6 @@ const createGuest = function (embedder: Electron.WebContents, embedderFrameId: n
|
|||
});
|
||||
}
|
||||
|
||||
guest.on('new-window', function (event, url, frameName, disposition, options) {
|
||||
sendToEmbedder(IPC_MESSAGES.GUEST_VIEW_INTERNAL_DISPATCH_EVENT, 'new-window', {
|
||||
url,
|
||||
frameName,
|
||||
disposition,
|
||||
options: sanitizeOptionsForGuest(options)
|
||||
});
|
||||
});
|
||||
|
||||
// Dispatch guest's IPC messages to embedder.
|
||||
guest.on('ipc-message-host' as any, function (event: Electron.IpcMainEvent, channel: string, args: any[]) {
|
||||
sendToEmbedder(IPC_MESSAGES.GUEST_VIEW_INTERNAL_DISPATCH_EVENT, 'ipc-message', {
|
||||
|
|
|
|||
|
|
@ -1,4 +1,16 @@
|
|||
export const webViewEvents: Record<string, readonly string[]> = {
|
||||
type Sanitizer = (obj: Record<string, any>) => Record<string, any>;
|
||||
|
||||
function makeSanitizer (names: string[]): Sanitizer {
|
||||
return (obj: Record<string, any>) => {
|
||||
const ret = { ...obj };
|
||||
for (const name of names) {
|
||||
delete ret[name];
|
||||
}
|
||||
return ret;
|
||||
};
|
||||
}
|
||||
|
||||
export const webViewEvents: Record<string, readonly (string | readonly [string, Sanitizer])[]> = {
|
||||
'load-commit': ['url', 'isMainFrame'],
|
||||
'did-attach': [],
|
||||
'did-finish-load': [],
|
||||
|
|
@ -8,7 +20,8 @@ export const webViewEvents: Record<string, readonly string[]> = {
|
|||
'did-stop-loading': [],
|
||||
'dom-ready': [],
|
||||
'console-message': ['level', 'message', 'line', 'sourceId'],
|
||||
'context-menu': ['params'],
|
||||
'context-menu': [['params', makeSanitizer(['frame'])]],
|
||||
'new-window': ['url', 'frameName', 'disposition', ['options', makeSanitizer(['webContents'])]],
|
||||
'devtools-opened': [],
|
||||
'devtools-closed': [],
|
||||
'devtools-focused': [],
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче