Add iframe-security support.

diff --git a/renderer/atom_render_view_observer.cc b/renderer/atom_render_view_observer.cc
index 960be5c..ec6a531 100644 (file)
--- a/renderer/atom_render_view_observer.cc
+++ b/renderer/atom_render_view_observer.cc
@@ -5,12 +5,14 @@
 #include "renderer/atom_render_view_observer.h"
 
 #include "common/api/api_messages.h"
+#include "content/public/renderer/render_view.h"
 #include "ipc/ipc_message_macros.h"
 #include "renderer/api/atom_renderer_bindings.h"
 #include "renderer/atom_renderer_client.h"
 #include "third_party/WebKit/public/web/WebDraggableRegion.h"
 #include "third_party/WebKit/public/web/WebDocument.h"
 #include "third_party/WebKit/public/web/WebFrame.h"
+#include "third_party/WebKit/public/web/WebView.h"
 
 #include "common/v8/node_common.h"
 
@@ -53,6 +55,10 @@ bool AtomRenderViewObserver::OnMessageReceived(const IPC::Message& message) {
 
 void AtomRenderViewObserver::OnBrowserMessage(const string16& channel,
                                               const base::ListValue& args) {
+  WebKit::WebFrame* frame = render_view()->GetWebView()->mainFrame();
+  if (!renderer_client_->IsNodeBindingEnabled(frame))
+    return;
+
   renderer_client_->atom_bindings()->OnBrowserMessage(
       render_view(), channel, args);
 }

diff --git a/renderer/atom_renderer_client.cc b/renderer/atom_renderer_client.cc
index c89b6c2..b215e0b 100644 (file)
--- a/renderer/atom_renderer_client.cc
+++ b/renderer/atom_renderer_client.cc
@@ -6,23 +6,39 @@
 
 #include <algorithm>
 
+#include "base/command_line.h"
 #include "common/node_bindings.h"
+#include "common/options_switches.h"
 #include "renderer/api/atom_renderer_bindings.h"
 #include "renderer/atom_render_view_observer.h"
+#include "third_party/WebKit/public/web/WebFrame.h"
 
 #include "common/v8/node_common.h"
 
 namespace atom {
 
 AtomRendererClient::AtomRendererClient()
-    : node_bindings_(NodeBindings::Create(false)),
-      atom_bindings_(new AtomRendererBindings) {
+    : iframe_security_(FULL) {
+  std::string security = CommandLine::ForCurrentProcess()->
+      GetSwitchValueASCII(switches::kIframeSecurity);
+  if (security == "manual")
+    iframe_security_ = MANUAL;
+  else if (security == "none")
+    iframe_security_ = NONE;
+
+  if (IsNodeBindingEnabled()) {
+    node_bindings_.reset(NodeBindings::Create(false));
+    atom_bindings_.reset(new AtomRendererBindings);
+  }
 }
 
 AtomRendererClient::~AtomRendererClient() {
 }
 
 void AtomRendererClient::RenderThreadStarted() {
+  if (!IsNodeBindingEnabled())
+    return;
+
   node_bindings_->Initialize();
   node_bindings_->PrepareMessageLoop();
 
@@ -43,6 +59,9 @@ void AtomRendererClient::DidCreateScriptContext(WebKit::WebFrame* frame,
                                                 v8::Handle<v8::Context> context,
                                                 int extension_group,
                                                 int world_id) {
+  if (!IsNodeBindingEnabled(frame))
+    return;
+
   v8::Context::Scope scope(context);
 
   // Check the existance of process object to prevent duplicate initialization.
@@ -70,6 +89,9 @@ void AtomRendererClient::WillReleaseScriptContext(
     WebKit::WebFrame* frame,
     v8::Handle<v8::Context> context,
     int world_id) {
+  if (!IsNodeBindingEnabled(frame))
+    return;
+
   node::Environment* env = node::Environment::GetCurrent(context);
   if (env == NULL) {
     LOG(ERROR) << "Encounter a non-node context when releasing script context";
@@ -108,4 +130,15 @@ bool AtomRendererClient::ShouldFork(WebKit::WebFrame* frame,
   return true;
 }
 
+bool AtomRendererClient::IsNodeBindingEnabled(WebKit::WebFrame* frame) {
+  if (iframe_security_ == FULL)
+    return false;
+  else if (iframe_security_ == MANUAL &&
+           frame != NULL &&
+           frame->uniqueName().utf8().find("-enable-node") == std::string::npos)
+    return false;
+  else
+    return true;
+}
+
 }  // namespace atom

diff --git a/renderer/atom_renderer_client.h b/renderer/atom_renderer_client.h
index 3dde5eb..54d173b 100644 (file)
--- a/renderer/atom_renderer_client.h
+++ b/renderer/atom_renderer_client.h
@@ -23,9 +23,17 @@ class AtomRendererClient : public content::ContentRendererClient {
   AtomRendererClient();
   virtual ~AtomRendererClient();
 
+  bool IsNodeBindingEnabled(WebKit::WebFrame* frame = NULL);
+
   AtomRendererBindings* atom_bindings() const { return atom_bindings_.get(); }
 
  private:
+  enum IframeSecurity {
+    FULL,
+    MANUAL,
+    NONE,
+  };
+
   virtual void RenderThreadStarted() OVERRIDE;
   virtual void RenderViewCreated(content::RenderView*) OVERRIDE;
   virtual void DidCreateScriptContext(WebKit::WebFrame* frame,
@@ -47,6 +55,8 @@ class AtomRendererClient : public content::ContentRendererClient {
   scoped_ptr<NodeBindings> node_bindings_;
   scoped_ptr<AtomRendererBindings> atom_bindings_;
 
+  IframeSecurity iframe_security_;
+
   DISALLOW_COPY_AND_ASSIGN(AtomRendererClient);
 };