diff --git a/browser/atom_browser_client.cc b/browser/atom_browser_client.cc index b58057102..247f52db3 100644 --- a/browser/atom_browser_client.cc +++ b/browser/atom_browser_client.cc @@ -63,15 +63,15 @@ bool AtomBrowserClient::ShouldSwapProcessesForNavigation( void AtomBrowserClient::AppendExtraCommandLineSwitches( CommandLine* command_line, int child_process_id) { - // Append --iframe-security to renderer process. + // Append --node-integration to renderer process. WindowList* list = WindowList::GetInstance(); for (WindowList::const_iterator iter = list->begin(); iter != list->end(); ++iter) { NativeWindow* window = *iter; int id = window->GetWebContents()->GetRenderProcessHost()->GetID(); if (id == child_process_id) { - command_line->AppendSwitchASCII(switches::kIframeSecurity, - window->iframe_security()); + command_line->AppendSwitchASCII(switches::kNodeIntegration, + window->node_integration()); return; } } diff --git a/browser/native_window.cc b/browser/native_window.cc index b8ca401b8..c81625c36 100644 --- a/browser/native_window.cc +++ b/browser/native_window.cc @@ -48,7 +48,7 @@ NativeWindow::NativeWindow(content::WebContents* web_contents, : content::WebContentsObserver(web_contents), has_frame_(true), is_closed_(false), - iframe_security_("full"), + node_integration_("all"), weak_factory_(this), inspectable_web_contents_( brightray::InspectableWebContents::Create(web_contents)) { @@ -60,7 +60,7 @@ NativeWindow::NativeWindow(content::WebContents* web_contents, LOG(ERROR) << "Failed to set icon to " << icon; // Read iframe security before any navigation. - options->GetString(switches::kIframeSecurity, &iframe_security_); + options->GetString(switches::kNodeIntegration, &node_integration_); web_contents->SetDelegate(this); diff --git a/browser/native_window.h b/browser/native_window.h index 462d96c19..ad6e8a152 100644 --- a/browser/native_window.h +++ b/browser/native_window.h @@ -140,7 +140,7 @@ class NativeWindow : public brightray::DefaultWebContentsDelegate, } bool has_frame() const { return has_frame_; } - std::string iframe_security() const { return iframe_security_; } + std::string node_integration() const { return node_integration_; } protected: explicit NativeWindow(content::WebContents* web_contents, @@ -221,7 +221,7 @@ class NativeWindow : public brightray::DefaultWebContentsDelegate, bool is_closed_; // The security token of iframe. - std::string iframe_security_; + std::string node_integration_; // Closure that would be called when window is unresponsive when closing, // it should be cancelled when we can prove that the window is responsive. diff --git a/common/options_switches.cc b/common/options_switches.cc index 74ff309b2..f3d849ef1 100644 --- a/common/options_switches.cc +++ b/common/options_switches.cc @@ -31,7 +31,7 @@ const char kKiosk[] = "kiosk"; // Make windows stays on the top of all other windows. const char kAlwaysOnTop[] = "always-on-top"; -const char kIframeSecurity[] = "iframe-security"; +const char kNodeIntegration[] = "node-integration"; } // namespace switches diff --git a/common/options_switches.h b/common/options_switches.h index fa658d2c9..ad6b68b2e 100644 --- a/common/options_switches.h +++ b/common/options_switches.h @@ -26,7 +26,7 @@ extern const char kResizable[]; extern const char kFullscreen[]; extern const char kKiosk[]; extern const char kAlwaysOnTop[]; -extern const char kIframeSecurity[]; +extern const char kNodeIntegration[]; } // namespace switches diff --git a/renderer/atom_render_view_observer.cc b/renderer/atom_render_view_observer.cc index ec6a531e5..69d811bf5 100644 --- a/renderer/atom_render_view_observer.cc +++ b/renderer/atom_render_view_observer.cc @@ -55,6 +55,9 @@ bool AtomRenderViewObserver::OnMessageReceived(const IPC::Message& message) { void AtomRenderViewObserver::OnBrowserMessage(const string16& channel, const base::ListValue& args) { + if (!render_view()->GetWebView()) + return; + WebKit::WebFrame* frame = render_view()->GetWebView()->mainFrame(); if (!renderer_client_->IsNodeBindingEnabled(frame)) return; diff --git a/renderer/atom_renderer_client.cc b/renderer/atom_renderer_client.cc index b215e0bd2..f12fe4c1c 100644 --- a/renderer/atom_renderer_client.cc +++ b/renderer/atom_renderer_client.cc @@ -18,13 +18,17 @@ namespace atom { AtomRendererClient::AtomRendererClient() - : iframe_security_(FULL) { - std::string security = CommandLine::ForCurrentProcess()-> - GetSwitchValueASCII(switches::kIframeSecurity); - if (security == "manual") - iframe_security_ = MANUAL; - else if (security == "none") - iframe_security_ = NONE; + : node_integration_(ALL), + main_frame_(NULL) { + // Translate the token. + std::string token = CommandLine::ForCurrentProcess()-> + GetSwitchValueASCII(switches::kNodeIntegration); + if (token == "except-iframe") + node_integration_ = EXCEPT_IFRAME; + else if (token == "manual-enable-iframe") + node_integration_ = MANUAL_ENABLE_IFRAME; + else if (token == "disable") + node_integration_ = DISABLE; if (IsNodeBindingEnabled()) { node_bindings_.reset(NodeBindings::Create(false)); @@ -59,6 +63,10 @@ void AtomRendererClient::DidCreateScriptContext(WebKit::WebFrame* frame, v8::Handle context, int extension_group, int world_id) { + // The first web frame is the main frame. + if (main_frame_ == NULL) + main_frame_ = frame; + if (!IsNodeBindingEnabled(frame)) return; @@ -131,12 +139,17 @@ bool AtomRendererClient::ShouldFork(WebKit::WebFrame* frame, } bool AtomRendererClient::IsNodeBindingEnabled(WebKit::WebFrame* frame) { - if (iframe_security_ == FULL) + if (node_integration_ == DISABLE) return false; - else if (iframe_security_ == MANUAL && + // Node integration is enabled in main frame unless explictly disabled. + else if (frame == main_frame_) + return true; + else if (node_integration_ == MANUAL_ENABLE_IFRAME && frame != NULL && frame->uniqueName().utf8().find("-enable-node") == std::string::npos) return false; + else if (node_integration_ == EXCEPT_IFRAME && frame != NULL) + return false; else return true; } diff --git a/renderer/atom_renderer_client.h b/renderer/atom_renderer_client.h index 54d173b95..bc7aab740 100644 --- a/renderer/atom_renderer_client.h +++ b/renderer/atom_renderer_client.h @@ -28,10 +28,11 @@ class AtomRendererClient : public content::ContentRendererClient { AtomRendererBindings* atom_bindings() const { return atom_bindings_.get(); } private: - enum IframeSecurity { - FULL, - MANUAL, - NONE, + enum NodeIntegration { + ALL, + EXCEPT_IFRAME, + MANUAL_ENABLE_IFRAME, + DISABLE, }; virtual void RenderThreadStarted() OVERRIDE; @@ -55,7 +56,11 @@ class AtomRendererClient : public content::ContentRendererClient { scoped_ptr node_bindings_; scoped_ptr atom_bindings_; - IframeSecurity iframe_security_; + // The level of node integration we should support. + NodeIntegration node_integration_; + + // The main frame. + WebKit::WebFrame* main_frame_; DISALLOW_COPY_AND_ASSIGN(AtomRendererClient); };