chore: make nodeIntegration / webviewTag defaults false

atom/browser/web_contents_preferences.cc

@@ -99,9 +99,9 @@ WebContentsPreferences::WebContentsPreferences(
   // Set WebPreferences defaults onto the JS object
   SetDefaultBoolIfUndefined(options::kPlugins, false);
   SetDefaultBoolIfUndefined(options::kExperimentalFeatures, false);
-  bool node = SetDefaultBoolIfUndefined(options::kNodeIntegration, true);
+  SetDefaultBoolIfUndefined(options::kNodeIntegration, false);
   SetDefaultBoolIfUndefined(options::kNodeIntegrationInWorker, false);
-  SetDefaultBoolIfUndefined(options::kWebviewTag, node);
+  SetDefaultBoolIfUndefined(options::kWebviewTag, false);
   SetDefaultBoolIfUndefined(options::kSandbox, false);
   SetDefaultBoolIfUndefined(options::kNativeWindowOpen, false);
   SetDefaultBoolIfUndefined(options::kContextIsolation, false);
@@ -236,7 +236,6 @@ void WebContentsPreferences::AppendCommandLineSwitches(
     command_line->AppendSwitch(switches::kNodeIntegrationInWorker);
 
   // Check if webview tag creation is enabled, default to nodeIntegration value.
-  // TODO(kevinsawicki): Default to false in 2.0
   if (IsEnabled(options::kWebviewTag))
     command_line->AppendSwitch(switches::kWebviewTag);
 

lib/browser/guest-view-manager.js

@@ -202,7 +202,7 @@ const attachGuest = function (event, embedderFrameId, elementInstanceId, guestIn
 
   const webPreferences = {
     guestInstanceId: guestInstanceId,
-    nodeIntegration: params.nodeintegration != null ? params.nodeintegration : false,
+    nodeIntegration: params.nodeintegration,
     enableRemoteModule: params.enableremotemodule,
     plugins: params.plugins,
     zoomFactor: embedder._getZoomFactor(),
@@ -237,7 +237,6 @@ const attachGuest = function (event, embedderFrameId, elementInstanceId, guestIn
     ['contextIsolation', true],
     ['javascript', false],
     ['nativeWindowOpen', true],
-    ['nodeIntegration', false],
     ['enableRemoteModule', false],
     ['sandbox', true]
   ])

lib/browser/guest-window-manager.js

@@ -13,10 +13,8 @@ const inheritedWebPreferences = new Map([
   ['contextIsolation', true],
   ['javascript', false],
   ['nativeWindowOpen', true],
-  ['nodeIntegration', false],
   ['enableRemoteModule', false],
-  ['sandbox', true],
-  ['webviewTag', false]
+  ['sandbox', true]
 ])
 
 // Copy attribute of |parent| to |child| if it is not defined in |child|.

lib/renderer/init.js

@@ -34,7 +34,7 @@ require('@electron/internal/renderer/web-frame-init')()
 const { hasSwitch, getSwitchValue } = require('@electron/internal/renderer/command-line')
 
 const contextIsolation = hasSwitch('context-isolation')
-let nodeIntegration = hasSwitch('node-integration')
+const nodeIntegration = hasSwitch('node-integration')
 const webviewTag = hasSwitch('webview-tag')
 const isHiddenPage = hasSwitch('hidden-page')
 const isBackgroundPage = hasSwitch('background-page')
@@ -60,14 +60,11 @@ if (contextIsolation) {
 if (window.location.protocol === 'chrome-devtools:') {
   // Override some inspector APIs.
   require('@electron/internal/renderer/inspector')
-  nodeIntegration = false
 } else if (window.location.protocol === 'chrome-extension:') {
   // Add implementations of chrome API.
   require('@electron/internal/renderer/chrome-api').injectTo(window.location.hostname, isBackgroundPage, window)
-  nodeIntegration = false
 } else if (window.location.protocol === 'chrome:') {
   // Disable node integration for chrome UI scheme.
-  nodeIntegration = false
 } else {
   // Override default web functions.
   require('@electron/internal/renderer/window-setup')(ipcRenderer, guestInstanceId, openerId, isHiddenPage, usesNativeWindowOpen)

spec/api-app-spec.js

@@ -32,7 +32,10 @@ describe('electron module', () => {
       window = new BrowserWindow({
         show: false,
         width: 400,
-        height: 400
+        height: 400,
+        webPreferences: {
+          nodeIntegration: true
+        }
       })
     })
 
@@ -298,7 +301,12 @@ describe('app module', () => {
         password: 'electron'
       }
 
-      w = new BrowserWindow({ show: false })
+      w = new BrowserWindow({
+        show: false,
+        webPreferences: {
+          nodeIntegration: true
+        }
+      })
 
       w.webContents.on('did-finish-load', () => {
         expect(w.webContents.getTitle()).to.equal('authorized')
@@ -375,7 +383,12 @@ describe('app module', () => {
         expect(webContents).to.equal(w.webContents)
         done()
       })
-      w = new BrowserWindow({ show: false })
+      w = new BrowserWindow({
+        show: false,
+        webPreferences: {
+          nodeIntegration: true
+        }
+      })
       w.loadURL('about:blank')
       w.webContents.executeJavaScript(`require('electron').desktopCapturer.getSources({ types: ['screen'] }, () => {})`)
     })
@@ -386,7 +399,12 @@ describe('app module', () => {
         expect(moduleName).to.equal('test')
         done()
       })
-      w = new BrowserWindow({ show: false })
+      w = new BrowserWindow({
+        show: false,
+        webPreferences: {
+          nodeIntegration: true
+        }
+      })
       w.loadURL('about:blank')
       w.webContents.executeJavaScript(`require('electron').remote.require('test')`)
     })
@@ -397,7 +415,12 @@ describe('app module', () => {
         expect(globalName).to.equal('test')
         done()
       })
-      w = new BrowserWindow({ show: false })
+      w = new BrowserWindow({
+        show: false,
+        webPreferences: {
+          nodeIntegration: true
+        }
+      })
       w.loadURL('about:blank')
       w.webContents.executeJavaScript(`require('electron').remote.getGlobal('test')`)
     })
@@ -590,6 +613,7 @@ describe('app module', () => {
       w = new BrowserWindow({
         show: false,
         webPreferences: {
+          nodeIntegration: true,
           partition: 'empty-certificate'
         }
       })