Electron
/
electron
зеркало из https://github.com/electron/electron.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

feat: disable the remote module by default (#22091)

This commit is contained in:
Jeremy Apthorp 2020-02-10 10:49:09 -08:00 коммит произвёл GitHub
Родитель af631f8204
Коммит b77f701aeb
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
8 изменённых файлов: 62 добавлений и 24 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

20
docs/breaking-changes.md
Просмотреть файл

@ -6,6 +6,26 @@ Breaking changes will be documented here, and deprecation warnings added to JS c
The `FIXME` string is used in code comments to denote things that should be fixed for future releases. See https://github.com/electron/electron/search?q=fixme The `FIXME` string is used in code comments to denote things that should be fixed for future releases. See https://github.com/electron/electron/search?q=fixme
## Planned Breaking API Changes (10.0)
### `enableRemoteModule` defaults to `false`
In Electron 9, using the remote module without explicitly enabling it via the
`enableRemoteModule` WebPreferences option began emitting a warning. In
Electron 10, the remote module is now disabled by default. To use the remote
module, `enableRemoteModule: true` must be specified in WebPreferences:
```js
const w = new BrowserWindow({
webPreferences: {
enableRemoteModule: true
}
})
```
We [recommend moving away from the remote
module](https://medium.com/@nornagon/electrons-remote-module-considered-harmful-70d69500f31).
## Planned Breaking API Changes (9.0) ## Planned Breaking API Changes (9.0)
### `<webview>.getWebContents()` ### `<webview>.getWebContents()`

2
lib/browser/remote/server.ts
Просмотреть файл

@ -321,7 +321,7 @@ const unwrapArgs = function (sender: electron.WebContents, frameId: number, cont
const isRemoteModuleEnabledImpl = function (contents: electron.WebContents) { const isRemoteModuleEnabledImpl = function (contents: electron.WebContents) {
const webPreferences = (contents as any).getLastWebPreferences() || {} const webPreferences = (contents as any).getLastWebPreferences() || {}
return webPreferences.enableRemoteModule != null ? !!webPreferences.enableRemoteModule : true return webPreferences.enableRemoteModule != null ? !!webPreferences.enableRemoteModule : false
} }
const isRemoteModuleEnabledCache = new WeakMap() const isRemoteModuleEnabledCache = new WeakMap()

8
lib/renderer/api/remote.js
Просмотреть файл

@ -13,14 +13,6 @@ const remoteObjectCache = v8Util.createIDWeakMap()
// An unique ID that can represent current context. // An unique ID that can represent current context.
const contextId = v8Util.getHiddenValue(global, 'contextId') const contextId = v8Util.getHiddenValue(global, 'contextId')
ipcRendererInternal.invoke('ELECTRON_BROWSER_GET_LAST_WEB_PREFERENCES').then(preferences => {
if (!preferences.enableRemoteModule) {
console.warn('%cElectron Deprecation Warning', 'font-weight: bold', "The 'remote' module is deprecated and will be disabled by default in a future version of Electron. To ensure a smooth upgrade and silence this warning, specify {enableRemoteModule: true} in the WebPreferences for this window.")
}
}, (err) => {
console.error('Failed to get web preferences:', err)
})
// Notify the main process when current context is going to be released. // Notify the main process when current context is going to be released.
// Note that when the renderer process is destroyed, the message may not be // Note that when the renderer process is destroyed, the message may not be
// sent, we also listen to the "render-view-deleted" event in the main process // sent, we also listen to the "render-view-deleted" event in the main process

2
shell/browser/web_contents_preferences.cc
Просмотреть файл

@ -327,7 +327,7 @@ void WebContentsPreferences::AppendCommandLineSwitches(
#if BUILDFLAG(ENABLE_REMOTE_MODULE) #if BUILDFLAG(ENABLE_REMOTE_MODULE)
// Whether to enable the remote module // Whether to enable the remote module
if (IsEnabled(options::kEnableRemoteModule, true)) if (IsEnabled(options::kEnableRemoteModule, false))
command_line->AppendSwitch(switches::kEnableRemoteModule); command_line->AppendSwitch(switches::kEnableRemoteModule);
#endif #endif

15
spec-main/api-app-spec.ts
Просмотреть файл

@ -457,7 +457,8 @@ describe('app module', () => {
w = new BrowserWindow({ w = new BrowserWindow({
show: false, show: false,
webPreferences: { webPreferences: {
nodeIntegration: true nodeIntegration: true,
enableRemoteModule: true
} }
}) })
await w.loadURL('about:blank') await w.loadURL('about:blank')
@ -474,7 +475,8 @@ describe('app module', () => {
w = new BrowserWindow({ w = new BrowserWindow({
show: false, show: false,
webPreferences: { webPreferences: {
nodeIntegration: true nodeIntegration: true,
enableRemoteModule: true
} }
}) })
await w.loadURL('about:blank') await w.loadURL('about:blank')
@ -491,7 +493,8 @@ describe('app module', () => {
w = new BrowserWindow({ w = new BrowserWindow({
show: false, show: false,
webPreferences: { webPreferences: {
nodeIntegration: true nodeIntegration: true,
enableRemoteModule: true
} }
}) })
await w.loadURL('about:blank') await w.loadURL('about:blank')
@ -508,7 +511,8 @@ describe('app module', () => {
w = new BrowserWindow({ w = new BrowserWindow({
show: false, show: false,
webPreferences: { webPreferences: {
nodeIntegration: true nodeIntegration: true,
enableRemoteModule: true
} }
}) })
await w.loadURL('about:blank') await w.loadURL('about:blank')
@ -524,7 +528,8 @@ describe('app module', () => {
w = new BrowserWindow({ w = new BrowserWindow({
show: false, show: false,
webPreferences: { webPreferences: {
nodeIntegration: true nodeIntegration: true,
enableRemoteModule: true
} }
}) })
await w.loadURL('about:blank') await w.loadURL('about:blank')

26
spec-main/api-browser-window-spec.ts
Просмотреть файл

@ -1628,6 +1628,7 @@ describe('BrowserWindow module', () => {
show: false, show: false,
webPreferences: { webPreferences: {
nodeIntegration: true, nodeIntegration: true,
enableRemoteModule: true,
preload preload
} }
}) })
@ -1749,7 +1750,7 @@ describe('BrowserWindow module', () => {
describe(description, () => { describe(description, () => {
const preload = path.join(__dirname, 'fixtures', 'module', 'preload-remote.js') const preload = path.join(__dirname, 'fixtures', 'module', 'preload-remote.js')
it('enables the remote module by default', async () => { it('disables the remote module by default', async () => {
const w = new BrowserWindow({ const w = new BrowserWindow({
show: false, show: false,
webPreferences: { webPreferences: {
@ -1760,7 +1761,7 @@ describe('BrowserWindow module', () => {
const p = emittedOnce(ipcMain, 'remote') const p = emittedOnce(ipcMain, 'remote')
w.loadFile(path.join(fixtures, 'api', 'blank.html')) w.loadFile(path.join(fixtures, 'api', 'blank.html'))
const [, remote] = await p const [, remote] = await p
expect(remote).to.equal('object') expect(remote).to.equal('undefined')
}) })
it('disables the remote module when false', async () => { it('disables the remote module when false', async () => {
@ -1777,6 +1778,21 @@ describe('BrowserWindow module', () => {
const [, remote] = await p const [, remote] = await p
expect(remote).to.equal('undefined') expect(remote).to.equal('undefined')
}) })
it('enables the remote module when true', async () => {
const w = new BrowserWindow({
show: false,
webPreferences: {
preload,
sandbox,
enableRemoteModule: true
}
})
const p = emittedOnce(ipcMain, 'remote')
w.loadFile(path.join(fixtures, 'api', 'blank.html'))
const [, remote] = await p
expect(remote).to.equal('object')
})
}) })
} }
@ -2093,7 +2109,8 @@ describe('BrowserWindow module', () => {
show: false, show: false,
webPreferences: { webPreferences: {
preload, preload,
sandbox: true sandbox: true,
enableRemoteModule: true
} }
}) })
w.loadFile(path.join(__dirname, 'fixtures', 'api', 'sandbox.html'), { search: 'reload-remote' }) w.loadFile(path.join(__dirname, 'fixtures', 'api', 'sandbox.html'), { search: 'reload-remote' })
@ -2125,7 +2142,8 @@ describe('BrowserWindow module', () => {
show: false, show: false,
webPreferences: { webPreferences: {
preload, preload,
sandbox: true sandbox: true,
enableRemoteModule: true
} }
}) })
w.webContents.once('new-window', (event, url, frameName, disposition, options) => { w.webContents.once('new-window', (event, url, frameName, disposition, options) => {

9
spec-main/api-remote-spec.ts
Просмотреть файл

@ -194,7 +194,8 @@ ifdescribe(features.isRemoteModuleEnabled())('remote module', () => {
const w = new BrowserWindow({ const w = new BrowserWindow({
show: false, show: false,
webPreferences: { webPreferences: {
preload preload,
enableRemoteModule: true
} }
}) })
w.loadURL('about:blank') w.loadURL('about:blank')
@ -207,7 +208,8 @@ ifdescribe(features.isRemoteModuleEnabled())('remote module', () => {
const w = new BrowserWindow({ const w = new BrowserWindow({
show: false, show: false,
webPreferences: { webPreferences: {
nodeIntegration: true nodeIntegration: true,
enableRemoteModule: true
} }
}) })
@ -227,7 +229,8 @@ ifdescribe(features.isRemoteModuleEnabled())('remote module', () => {
const w = new BrowserWindow({ const w = new BrowserWindow({
show: false, show: false,
webPreferences: { webPreferences: {
nodeIntegration: true nodeIntegration: true,
enableRemoteModule: true
} }
}) })
await w.loadFile(path.join(fixtures, 'api', 'remote-event-handler.html')) await w.loadFile(path.join(fixtures, 'api', 'remote-event-handler.html'))

4
spec-main/api-web-contents-spec.ts
Просмотреть файл

@ -821,7 +821,7 @@ describe('webContents module', () => {
}) })
it('can persist zoom level across navigation', (done) => { it('can persist zoom level across navigation', (done) => {
const w = new BrowserWindow({ show: false, webPreferences: { nodeIntegration: true } }) const w = new BrowserWindow({ show: false, webPreferences: { nodeIntegration: true, enableRemoteModule: true } })
let finalNavigation = false let finalNavigation = false
ipcMain.on('set-zoom', (e, host) => { ipcMain.on('set-zoom', (e, host) => {
const zoomLevel = hostZoomMap[host] const zoomLevel = hostZoomMap[host]
@ -847,7 +847,7 @@ describe('webContents module', () => {
}) })
it('can propagate zoom level across same session', (done) => { it('can propagate zoom level across same session', (done) => {
const w = new BrowserWindow({ show: false, webPreferences: { nodeIntegration: true } }) const w = new BrowserWindow({ show: false, webPreferences: { nodeIntegration: true, enableRemoteModule: true } })
const w2 = new BrowserWindow({ show: false }) const w2 = new BrowserWindow({ show: false })
w2.webContents.on('did-finish-load', () => { w2.webContents.on('did-finish-load', () => {
const zoomLevel1 = w.webContents.zoomLevel const zoomLevel1 = w.webContents.zoomLevel