1
0
mirror of https://github.com/lensapp/lens.git synced 2025-05-20 05:10:56 +00:00

Remove support for webview tags

Signed-off-by: Sebastian Malton <sebastian@malton.name>
This commit is contained in:
Sebastian Malton 2022-08-10 09:05:30 -04:00
parent 8fbfd1127e
commit 675ce7737b

View File

@ -76,7 +76,6 @@ const createElectronWindowInjectable = getInjectable({
webPreferences: { webPreferences: {
nodeIntegration: true, nodeIntegration: true,
nodeIntegrationInSubFrames: true, nodeIntegrationInSubFrames: true,
webviewTag: true,
contextIsolation: false, contextIsolation: false,
}, },
}); });
@ -87,20 +86,16 @@ const createElectronWindowInjectable = getInjectable({
.on("focus", () => { .on("focus", () => {
configuration.onFocus?.(); configuration.onFocus?.();
}) })
.on("blur", () => { .on("blur", () => {
configuration.onBlur?.(); configuration.onBlur?.();
}) })
.on("closed", () => { .on("closed", () => {
configuration.onClose(); configuration.onClose();
applicationWindowState.unmanage(); applicationWindowState.unmanage();
}) })
.webContents.on("dom-ready", () => { .webContents.on("dom-ready", () => {
configuration.onDomReady?.(); configuration.onDomReady?.();
}) })
.on("did-fail-load", (_event, code, desc) => { .on("did-fail-load", (_event, code, desc) => {
logger.error( logger.error(
`[CREATE-ELECTRON-WINDOW]: Failed to load window "${configuration.id}"`, `[CREATE-ELECTRON-WINDOW]: Failed to load window "${configuration.id}"`,
@ -110,51 +105,11 @@ const createElectronWindowInjectable = getInjectable({
}, },
); );
}) })
.on("did-finish-load", () => { .on("did-finish-load", () => {
logger.info( logger.info(
`[CREATE-ELECTRON-WINDOW]: Window "${configuration.id}" loaded`, `[CREATE-ELECTRON-WINDOW]: Window "${configuration.id}" loaded`,
); );
}) })
.on("will-attach-webview", (event, webPreferences, params) => {
logger.debug(
`[CREATE-ELECTRON-WINDOW]: Attaching webview to window "${configuration.id}"`,
);
// Following is security recommendations because we allow webview tag (webviewTag: true)
// suggested by https://www.electronjs.org/docs/tutorial/security#11-verify-webview-options-before-creation
// and https://www.electronjs.org/docs/tutorial/security#10-do-not-use-allowpopups
if (webPreferences.preload) {
logger.warn(
"[CREATE-ELECTRON-WINDOW]: Strip away preload scripts of webview",
);
delete webPreferences.preload;
}
// @ts-expect-error some electron version uses webPreferences.preloadURL/webPreferences.preload
if (webPreferences.preloadURL) {
logger.warn(
"[CREATE-ELECTRON-WINDOW]: Strip away preload scripts of webview",
);
delete webPreferences.preload;
}
if (params.allowpopups) {
logger.warn(
"[CREATE-ELECTRON-WINDOW]: We do not allow allowpopups props, stop webview from renderer",
);
// event.preventDefault() will destroy the guest page.
event.preventDefault();
return;
}
// Always disable Node.js integration for all webviews
webPreferences.nodeIntegration = false;
})
.setWindowOpenHandler((details) => { .setWindowOpenHandler((details) => {
openBrowser(details.url).catch((error) => { openBrowser(details.url).catch((error) => {
logger.error("[CREATE-ELECTRON-WINDOW]: failed to open browser", { logger.error("[CREATE-ELECTRON-WINDOW]: failed to open browser", {