From 4992f994c6d7694c2857ede65e85d10013fd86a4 Mon Sep 17 00:00:00 2001 From: yan Date: Tue, 1 Aug 2017 15:32:46 -0700 Subject: [PATCH] remove webSecurity:false in webPreferences and add some comments for security-sensitive code fix https://github.com/brave/browser-laptop/issues/10240 --- app/browser/reducers/windowsReducer.js | 7 ++----- app/browser/share.js | 2 +- app/browser/tabs.js | 19 +------------------ test/unit/app/browser/tabsTest.js | 5 ----- 4 files changed, 4 insertions(+), 29 deletions(-) diff --git a/app/browser/reducers/windowsReducer.js b/app/browser/reducers/windowsReducer.js index 233bdc4132b..edcd81afb5a 100644 --- a/app/browser/reducers/windowsReducer.js +++ b/app/browser/reducers/windowsReducer.js @@ -98,12 +98,9 @@ function windowDefaults (state) { minModalWidth: 100, windowOffset: 20, webPreferences: { + // XXX: Do not edit without security review sharedWorker: true, - nodeIntegration: false, - partition: 'default', - webSecurity: false, - allowFileAccessFromFileUrls: true, - allowUniversalAccessFromFileUrls: true + partition: 'default' } } } diff --git a/app/browser/share.js b/app/browser/share.js index ff25a2482a6..99e0a35164f 100644 --- a/app/browser/share.js +++ b/app/browser/share.js @@ -8,7 +8,7 @@ const {shell} = require('electron') const tabs = require('./tabs') const templateUrls = { - email: 'mailto:?subject={title}&body={url}', + email: 'mailto:?subject={title}&body={url}', // Do not edit without security review facebook: 'https://www.facebook.com/sharer.php?u={url}', pinterest: 'https://pinterest.com/pin/create/bookmarklet/?url={url}&description={title}', twitter: 'https://twitter.com/intent/tweet?url={url}&text={title}&hashtags=brave', diff --git a/app/browser/tabs.js b/app/browser/tabs.js index bebe53607e4..3d6aeb50e55 100644 --- a/app/browser/tabs.js +++ b/app/browser/tabs.js @@ -5,10 +5,9 @@ const appActions = require('../../js/actions/appActions') const windowActions = require('../../js/actions/windowActions') const tabActions = require('../common/actions/tabActions') -const config = require('../../js/constants/config') const Immutable = require('immutable') const tabState = require('../common/state/tabState') -const {app, BrowserWindow, extensions, session, ipcMain} = require('electron') +const {app, extensions, session, ipcMain} = require('electron') const {makeImmutable} = require('../common/state/immutableUtil') const {getTargetAboutUrl, getSourceAboutUrl, isSourceAboutUrl, newFrameUrl, isTargetAboutUrl, isIntermediateAboutPage, isTargetMagnetUrl, getSourceMagnetUrl} = require('../../js/lib/appUrlUtil') const {isURL, getUrlFromInput, toPDFJSLocation, getDefaultFaviconUrl, isHttpOrHttps, getLocationIfPDF} = require('../../js/lib/urlutil') @@ -699,22 +698,6 @@ const api = { }) }, - executeScriptInBackground: (script, cb) => { - const win = new BrowserWindow({ - show: false, - webPreferences: { - partition: 'default' - } - }) - win.webContents.on('did-finish-load', (e) => { - win.webContents.executeScriptInTab(config.braveExtensionId, script, {}, (err, url, result) => { - cb(err, url, result) - setImmediate(() => win.close()) - }) - }) - win.loadURL('about:blank') - }, - moveTo: (state, tabId, frameOpts, browserOpts, windowId) => { frameOpts = makeImmutable(frameOpts) browserOpts = makeImmutable(browserOpts) diff --git a/test/unit/app/browser/tabsTest.js b/test/unit/app/browser/tabsTest.js index 409865d388c..af4bdde92d0 100644 --- a/test/unit/app/browser/tabsTest.js +++ b/test/unit/app/browser/tabsTest.js @@ -352,11 +352,6 @@ describe('tabs API unit tests', function () { }) }) - describe.skip('executeScriptInBackground', function () { - it('todo', function () { - }) - }) - describe.skip('createTab', function () { it('todo', function () { })