New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: illegal access errors with nodeIntegrationInSubFrames #29093
Conversation
9a7ea4d
to
6e06f05
Compare
6e06f05
to
b5c9370
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a unique case, ideally I wouldn't worry about setup and tear down of the node environment in a frame as it shouldn't affect the execution in other node environment. In this particular case the iframe being in the same process as the parent frame performing sync navigation shares the v8 isolate and hence the disallow execution scope impacts each other. I am fine with the current solution.
NB: looks like the new test fixtures are not tested, LGTM otherwise.
@deepak1556 they're part of
? From macOS tests |
Missed that, ignore my comment. |
359eb06
to
dd01731
Compare
dd01731
to
b407d35
Compare
|
Co-authored-by: Robo <hop2deep@gmail.com>
07e9479
to
93611af
Compare
Test failures are unrelated. |
Release Notes Persisted
|
I have automatically backported this PR to "12-x-y", please check out #29169 |
I have automatically backported this PR to "13-x-y", please check out #29170 |
@deepak1556 This problem still exists. electron@13.1.9 win7 or win10 This problem occurs when I open iframe when I download a file. |
webPreferences: { |
The issue is with loading Node.js environment. Could this PR be improved to allow a pass for sandboxed renderers? Or would it also cause problems?
So we could use preload in about:blank iframes with webPreferences like this:
This would partially fix #31313 |
Description of Change
Closes #27995.
Fixes an issue where
illegal access error
would be thrown by the V8 isolate in some circumstances where an iframe was loaded and its source set later when Node.js integration is enabled in subframes. This was happening because if an iframe is created and a source is not set, the iframe loads about:blank and creates a script context for the same. We don't want to create a Node.js environment here because if the src is later set, the JS necessary to do that triggers illegal access errors when the initial about:blank Node.js environment is cleaned up.See this comment: https://source.chromium.org/chromium/chromium/src/+/main:content/renderer/render_frame_impl.h;l=870-892;drc=4b6001440a18740b76a1c63fa2a002cc941db394
cc @MarshallOfSound
Checklist
npm test
passesRelease Notes
Notes: Fixed an issue where
illegal access error
could be thrown whennodeIntegrationInSubFrames
is enabled.