add suport for 'nwdisable' and fix security origin

Fix #534
nwjs · Apr 14, 2013 · 8c8dd6b · 8c8dd6b
1 parent 20ff5f5
commit 8c8dd6b
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 16 deletions.
diff --git a/src/renderer/shell_content_renderer_client.cc b/src/renderer/shell_content_renderer_client.cc
@@ -24,6 +24,7 @@
 #include "base/files/file_path.h"
 #include "base/file_util.h"
 #include "base/logging.h"
+#include "base/string16.h"
 #include "base/utf_string_conversions.h"
 #include "chrome/renderer/page_click_tracker.h"
 #include "content/nw/src/api/dispatcher.h"
@@ -125,6 +126,7 @@ void ShellContentRendererClient::RenderThreadStarted() {
   v8::ExtensionConfiguration extension_configuration(1, names);
 
   node::g_context = v8::Context::New(&extension_configuration);
+  node::g_context->SetSecurityToken(v8::String::NewSymbol("nw-token", 8));
   node::g_context->Enter();
 
   // Setup node.js.
@@ -153,33 +155,53 @@ void ShellContentRendererClient::DidCreateScriptContext(
     int extension_group,
     int world_id) {
   GURL url(frame->document().url());
-  DVLOG(1) << url;
+  VLOG(1) << "DidCreateScriptContext: " << url;
+  InstallNodeSymbols(frame, context, url);
+}
+
+bool ShellContentRendererClient::goodForNode(WebKit::WebFrame* frame)
+{
   RenderViewImpl* rv = RenderViewImpl::FromWebView(frame->view());
+  GURL url(frame->document().url());
   ProxyBypassRules rules;
   rules.ParseFromString(rv->renderer_preferences_.nw_remote_page_rules);
   bool force_on = rules.Matches(url);
-  InstallNodeSymbols(frame, context, url, force_on);
+  bool is_nw_protocol = url.SchemeIs("nw") || !url.is_valid();
+  bool use_node =
+    CommandLine::ForCurrentProcess()->HasSwitch(switches::kNodejs) &&
+    !frame->isNwDisabledChildFrame() &&
+    (force_on || url.SchemeIsFile() || is_nw_protocol);
+  return use_node;
 }
 
 bool ShellContentRendererClient::WillSetSecurityToken(
     WebKit::WebFrame* frame,
     v8::Handle<v8::Context> context) {
-  // Override context's security token
-  context->SetSecurityToken(node::g_context->GetSecurityToken());
+  GURL url(frame->document().url());
+  VLOG(1) << "WillSetSecurityToken: " << url;
+  if (goodForNode(frame)) {
+    // Override context's security token
+    context->SetSecurityToken(node::g_context->GetSecurityToken());
+    frame->document().securityOrigin().grantUniversalAccess();
+    return true;
+  }
 
-  return true;
+  // window.open frame was enabled for Node earlier
+  if (frame->isNodeJS()) {
+    frame->setNodeJS(false);
+    UninstallNodeSymbols(frame, context);
+  }
+  return false;
 }
 
 void ShellContentRendererClient::InstallNodeSymbols(
     WebKit::WebFrame* frame,
     v8::Handle<v8::Context> context,
-    const GURL& url,
-    bool force_on) {
+    const GURL& url) {
   v8::HandleScope handle_scope;
 
   static bool installed_once = false;
 
-  bool is_file_protocol = url.SchemeIsFile();
   v8::Local<v8::Object> nodeGlobal = node::g_context->Global();
   v8::Local<v8::Object> v8Global = context->Global();
 
@@ -188,16 +210,16 @@ void ShellContentRendererClient::InstallNodeSymbols(
                   v8Global->Get(v8::String::New("console")));
 
   // Do we integrate node?
-  bool use_node =
-    CommandLine::ForCurrentProcess()->HasSwitch(switches::kNodejs) &&
-    (force_on || is_file_protocol);
+  bool use_node = goodForNode(frame);
 
   // Test if protocol is 'nw:'
   // test for 'about:blank' is also here becuase window.open would
   // open 'about:blank' first // FIXME
   bool is_nw_protocol = url.SchemeIs("nw") || !url.is_valid();
 
   if (use_node || is_nw_protocol) {
+    frame->setNodeJS(true);
+
     v8::Local<v8::Array> symbols = v8::Array::New(4);
     symbols->Set(0, v8::String::New("global"));
     symbols->Set(1, v8::String::New("process"));
@@ -209,8 +231,6 @@ void ShellContentRendererClient::InstallNodeSymbols(
       v8Global->Set(key, nodeGlobal->Get(key));
     }
 
-    frame->setNodeJS(true);
-
     if (!installed_once) {
       installed_once = true;
 
@@ -301,4 +321,24 @@ v8::Handle<v8::Value> ShellContentRendererClient::ReportException(
   return v8::Undefined(); 
 }
 
+void ShellContentRendererClient::UninstallNodeSymbols(
+    WebKit::WebFrame* frame,
+    v8::Handle<v8::Context> context) {
+  v8::HandleScope handle_scope;
+
+  v8::Local<v8::Object> v8Global = context->Global();
+  v8::Local<v8::Array> symbols = v8::Array::New(5);
+  symbols->Set(0, v8::String::New("global"));
+  symbols->Set(1, v8::String::New("process"));
+  symbols->Set(2, v8::String::New("Buffer"));
+  symbols->Set(3, v8::String::New("root"));
+  symbols->Set(4, v8::String::New("require"));
+
+  for (unsigned i = 0; i < symbols->Length(); ++i) {
+    v8::Local<v8::String> key = symbols->Get(i)->ToString();
+    if(v8Global->Has(key))
+      v8Global->Delete(key);
+  }
+}
+
 }  // namespace content
diff --git a/src/renderer/shell_content_renderer_client.h b/src/renderer/shell_content_renderer_client.h
@@ -53,8 +53,10 @@ class ShellContentRendererClient : public ContentRendererClient {
   scoped_ptr<api::WindowBindings> window_bindings_;;
 
   void InstallNodeSymbols(WebKit::WebFrame* frame,
-                          v8::Handle<v8::Context> context, const GURL& url,
-                          bool force_on = false);
+                          v8::Handle<v8::Context> context, const GURL& url);
+  void UninstallNodeSymbols(WebKit::WebFrame* frame,
+                            v8::Handle<v8::Context> context);
+  bool goodForNode(WebKit::WebFrame* frame);
 
   // Catch node uncaughtException.
   static v8::Handle<v8::Value> ReportException(const v8::Arguments& args);

diff --git a/src/shell_content_browser_client.cc b/src/shell_content_browser_client.cc
@@ -194,7 +194,7 @@ void ShellContentBrowserClient::OverrideWebkitPrefs(
   // Disable web security.
   prefs->dom_paste_enabled = true;
   prefs->javascript_can_access_clipboard = true;
-  prefs->web_security_enabled = false;
+  prefs->web_security_enabled = true;
   prefs->allow_file_access_from_file_urls = true;
 
   // Open experimental features.