Recipe context isolation (#1456)

* Enable service contextIsolation * Enable contextIsolation on the service webviews * Expose a new API window.ferdi in the service main world to allow calling back into the service isolated world * Expose a new IPC message inject-js-unsafe from the service isolated world to execute Javascript in the service main world (i.e., run code without context isolation). While the name contains the "unsafe" suffix to show the lack of context isolation, this should mostly be safe, as no nodejs APIs are available in the injected code. * Refactor the Notifications shim into a part in the isolated world that handles displaying and modifying notifications, and a shim in the main world for the Notifications class. The two communicate via the window.ferdi endpoint and a Promise object can be used to detect notification clicks. * Refactor the screen sharing shim into a part in the isolated world that enumerated shareable screens and windows and a shim in the main world that displays the media selector and completes the media selection promise. * Expose the injectJSUnsafe API to recipes to inject javascript code into the main world without context isolation. * Expose setBadge to the main world The window.ferdi.setBadge API can be used to update the service badge from injected unsafe Javascript * Safer script injection into the service main world Make sure that we don't try to serialize stray objects back from the main world to the isolated world by always surrounding the script to be executed by an anonymous function. * Always read recipe assets as utf8 * Remove window.log from recipes We didn't use it anywhere and its behavior was confusing in production mode. * Inject multiple unsafe scripts at the same time * Find in page without remote module Remove the @electron/remote dependency from the find in page (Ctrl+F) functionality. The remote webContents is replaced with Electron IPC. Synchronous IPC messages are handled in the main Electron process, because the renderer process cannot reply to IPC messages synchronously. * Update to latest contextIsolation recipes * Fixing issue with missing 'fs' functions. Co-authored-by: Vijay A <avijayr@protonmail.com>
author: Kristóf Marussy <kristof@marussy.com> 2021-07-24 02:23:48 +0200
committer: GitHub <noreply@github.com> 2021-07-24 02:23:48 +0200
commit: 9c3c441941ad5060ec2db89b805a958a914547f3 (patch)
tree: a4224d7bd2576797b14a2ffa1d25ba6e167351ae /src/webview/recipe.js
parent: Update submodules, browserslist data updates and linter fixes [skip ci] (diff)
download: ferdium-app-9c3c441941ad5060ec2db89b805a958a914547f3.tar.gz
ferdium-app-9c3c441941ad5060ec2db89b805a958a914547f3.tar.zst
ferdium-app-9c3c441941ad5060ec2db89b805a958a914547f3.zip
1 files changed, 73 insertions, 59 deletions
diff --git a/src/webview/recipe.js b/src/webview/recipe.js
index 8da45864b..d143675dc 100644
--- a/src/webview/recipe.js
+++ b/src/webview/recipe.js
@@ -1,11 +1,9 @@
 /* eslint-disable import/first */
-import { ipcRenderer } from 'electron';
+import { contextBridge, ipcRenderer } from 'electron';
-import { getCurrentWebContents } from '@electron/remote';
 import path from 'path';
 import { autorun, computed, observable } from 'mobx';
 import fs from 'fs-extra';
 import { debounce } from 'lodash';
-import { FindInPage } from 'electron-find';
 // For some services darkreader tries to use the chrome extension message API
 // This will cause the service to fail loading
@@ -23,16 +21,81 @@ import customDarkModeCss from './darkmode/custom';
 import RecipeWebview from './lib/RecipeWebview';
 import Userscript from './lib/Userscript';
-import { switchDict, getSpellcheckerLocaleByFuzzyIdentifier } from './spellchecker';
+import { BadgeHandler } from './badge';
-import { injectDarkModeStyle, isDarkModeStyleInjected, removeDarkModeStyle } from './darkmode';
 import contextMenu from './contextMenu';
-import './notifications';
+import { injectDarkModeStyle, isDarkModeStyleInjected, removeDarkModeStyle } from './darkmode';
-import { screenShareCss } from './screenshare';
+import FindInPage from './find';
+import { NotificationsHandler, notificationsClassDefinition } from './notifications';
+import { getDisplayMediaSelector, screenShareCss, screenShareJs } from './screenshare';
+import { switchDict, getSpellcheckerLocaleByFuzzyIdentifier } from './spellchecker';
-import { DEFAULT_APP_SETTINGS, isDevMode } from '../environment';
+import { DEFAULT_APP_SETTINGS } from '../environment';
 const debug = require('debug')('Ferdi:Plugin');
+const badgeHandler = new BadgeHandler();
+const notificationsHandler = new NotificationsHandler();
+// Patching window.open
+const originalWindowOpen = window.open;
+window.open = (url, frameName, features) => {
+  debug('window.open', url, frameName, features);
+  if (!url) {
+    // The service hasn't yet supplied a URL (as used in Skype).
+    // Return a new dummy window object and wait for the service to change the properties
+    const newWindow = {
+      location: {
+        href: '',
+      },
+    };
+    const checkInterval = setInterval(() => {
+      // Has the service changed the URL yet?
+      if (newWindow.location.href !== '') {
+        if (features) {
+          originalWindowOpen(newWindow.location.href, frameName, features);
+        } else {
+          // Open the new URL
+          ipcRenderer.sendToHost('new-window', newWindow.location.href);
+        }
+        clearInterval(checkInterval);
+      }
+    }, 0);
+    setTimeout(() => {
+      // Stop checking for location changes after 1 second
+      clearInterval(checkInterval);
+    }, 1000);
+    return newWindow;
+  }
+  // We need to differentiate if the link should be opened in a popup or in the systems default browser
+  if (!frameName && !features && typeof features !== 'string') {
+    return ipcRenderer.sendToHost('new-window', url);
+  }
+  if (url) {
+    return originalWindowOpen(url, frameName, features);
+  }
+};
+// We can't override APIs here, so we first expose functions via window.ferdi,
+// then overwrite the corresponding field of the window object by injected JS.
+contextBridge.exposeInMainWorld('ferdi', {
+  open: window.open,
+  setBadge: (direct, indirect) => badgeHandler.setBadge(direct || 0, indirect || 0),
+  displayNotification: (title, options) => notificationsHandler.displayNotification(title, options),
+  getDisplayMediaSelector,
+});
+ipcRenderer.sendToHost('inject-js-unsafe',
+  'window.open = window.ferdi.open;',
+  notificationsClassDefinition,
+  screenShareJs);
 class RecipeController {
  @observable settings = {
    overrideSpellcheckerLanguage: false,
@@ -97,7 +160,7 @@ class RecipeController {
    autorun(() => this.update());
    document.addEventListener('DOMContentLoaded', () => {
-      this.findInPage = new FindInPage(getCurrentWebContents(), {
+      this.findInPage = new FindInPage({
        inputFocusColor: '#CE9FFC',
        textColor: '#212121',
      });
@@ -111,7 +174,7 @@ class RecipeController {
    // Delete module from cache
    delete require.cache[require.resolve(modulePath)];
    try {
-      this.recipe = new RecipeWebview();
+      this.recipe = new RecipeWebview(badgeHandler, notificationsHandler);
      // eslint-disable-next-line
      require(modulePath)(this.recipe, {...config, recipe,});
      debug('Initialize Recipe', config, recipe);
@@ -327,52 +390,3 @@ class RecipeController {
 /* eslint-disable no-new */
 new RecipeController();
 /* eslint-enable no-new */
-// Patching window.open
-const originalWindowOpen = window.open;
-window.open = (url, frameName, features) => {
-  debug('window.open', url, frameName, features);
-  if (!url) {
-    // The service hasn't yet supplied a URL (as used in Skype).
-    // Return a new dummy window object and wait for the service to change the properties
-    const newWindow = {
-      location: {
-        href: '',
-      },
-    };
-    const checkInterval = setInterval(() => {
-      // Has the service changed the URL yet?
-      if (newWindow.location.href !== '') {
-        if (features) {
-          originalWindowOpen(newWindow.location.href, frameName, features);
-        } else {
-          // Open the new URL
-          ipcRenderer.sendToHost('new-window', newWindow.location.href);
-        }
-        clearInterval(checkInterval);
-      }
-    }, 0);
-    setTimeout(() => {
-      // Stop checking for location changes after 1 second
-      clearInterval(checkInterval);
-    }, 1000);
-    return newWindow;
-  }
-  // We need to differentiate if the link should be opened in a popup or in the systems default browser
-  if (!frameName && !features && typeof features !== 'string') {
-    return ipcRenderer.sendToHost('new-window', url);
-  }
-  if (url) {
-    return originalWindowOpen(url, frameName, features);
-  }
-};
-if (isDevMode) {
-  window.log = console.log;
-}
author	Kristóf Marussy <kristof@marussy.com>	2021-07-24 02:23:48 +0200
committer	GitHub <noreply@github.com>	2021-07-24 02:23:48 +0200
commit	9c3c441941ad5060ec2db89b805a958a914547f3 (patch)
tree	a4224d7bd2576797b14a2ffa1d25ba6e167351ae /src/webview/recipe.js
parent	Update submodules, browserslist data updates and linter fixes [skip ci] (diff)
download	ferdium-app-9c3c441941ad5060ec2db89b805a958a914547f3.tar.gz ferdium-app-9c3c441941ad5060ec2db89b805a958a914547f3.tar.zst ferdium-app-9c3c441941ad5060ec2db89b805a958a914547f3.zip