Sub frames should get an isolated context when node is enabled in sub frames #16804

samuelmaddock · 2019-02-07T03:44:08Z

Electron Version (output of node_modules/.bin/electron --version):
- 5.x.x

Expected Behavior

Context isolation should be enabled in subframes when the nodeIntegrationInSubFrames option is provided.

Actual behavior

Context isolation is not enabled for node environments in subframes.

To Reproduce

Enable nodeIntegrationInSubFrames and load any content in a subframe.

Additional Information

See #16425 and https://github.com/electron/electron/blob/master/atom/renderer/atom_render_frame_observer.cc#L92-L104

I started working on a fix, but wasn't sure if the preload_bundle was actually being run in the correct context.

diff --git a/atom/renderer/atom_render_frame_observer.cc b/atom/renderer/atom_render_frame_observer.cc
index f8a54a199..b878954cc 100644
--- a/atom/renderer/atom_render_frame_observer.cc
+++ b/atom/renderer/atom_render_frame_observer.cc
@@ -12,6 +12,8 @@
 #include "atom/common/heap_snapshot.h"
 #include "atom/common/native_mate_converters/value_converter.h"
 #include "atom/common/node_includes.h"
+#include "atom/common/options_switches.h"
+#include "base/command_line.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/threading/thread_restrictions.h"
 #include "base/trace_event/trace_event.h"
@@ -95,9 +97,17 @@ void AtomRenderFrameObserver::DidCreateScriptContext(
   if (ShouldNotifyClient(world_id))
     renderer_client_->DidCreateScriptContext(context, render_frame_);
 
-  if (renderer_client_->isolated_world() && IsMainWorld(world_id) &&
-      // Only the top window's main frame has isolated world.
-      render_frame_->IsMainFrame() && !render_frame_->GetWebFrame()->Opener()) {
+  bool use_context_isolation = renderer_client_->isolated_world();
+  bool is_main_world = IsMainWorld(world_id);
+  bool is_main_frame = render_frame_->IsMainFrame();
+  bool is_not_opened = !render_frame_->GetWebFrame()->Opener();
+  bool allow_node_in_sub_frames =
+      base::CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kNodeIntegrationInSubFrames);
+  bool should_create_isolated_context =
+      use_context_isolation && (is_main_frame || allow_node_in_sub_frames) && is_main_world && is_not_opened;
+
+  if (should_create_isolated_context) {
     CreateIsolatedWorldContext();
     renderer_client_->SetupMainWorldOverrides(context, render_frame_);
   }

The text was updated successfully, but these errors were encountered:

sofianguy added bug 🪲 5-0-x labels Feb 7, 2019

sofianguy added this to Unsorted Issues in 5.0.x Feb 7, 2019

samuelmaddock mentioned this issue Feb 8, 2019

fix: support chrome extensions in sandboxed renderer #16218

Merged

5 tasks

sofianguy moved this from Unsorted Issues to Doesn't Block Stable in 5.0.x Feb 14, 2019

samuelmaddock self-assigned this Feb 27, 2019

samuelmaddock mentioned this issue Feb 27, 2019

fix: run subframe preload bundles in isolated context #17165

Merged

6 tasks

MarshallOfSound closed this as completed in #17165 Mar 7, 2019

sofianguy moved this from Doesn't Block Stable to Fixed for Next Release in 5.0.x Mar 20, 2019

sofianguy moved this from Fixed for Next Release to Fixed in 5.0.0-beta.6 in 5.0.x Mar 20, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sub frames should get an isolated context when node is enabled in sub frames #16804

Sub frames should get an isolated context when node is enabled in sub frames #16804

samuelmaddock commented Feb 7, 2019 •

edited

Sub frames should get an isolated context when node is enabled in sub frames #16804

Sub frames should get an isolated context when node is enabled in sub frames #16804

Comments

samuelmaddock commented Feb 7, 2019 • edited

Expected Behavior

Actual behavior

To Reproduce

Additional Information

samuelmaddock commented Feb 7, 2019 •

edited