electron icon indicating copy to clipboard operation
electron copied to clipboard

Published 20 hours ago verified publisher icon electron

feat: add WebContents.opener and webContents.fromFrame()

Open samuelmaddock opened this issue 3 years ago • 8 comments

Description of Change

closes #24807

Adds the ability to get the window opener of a WebContents.

// From WebContents instance
contents.opener;

// From WebFrameMain instance
webContents.fromFrame(frame)?.opener;

I'd like to also add WebFrameMain.opener, but there's no public API for this in render_frame_host.h

Checklist

Release Notes

Notes:

  • Added WebContents.opener to access window opener.
  • Added webContents.fromFrame(frame) to get the WebContents corresponding to a WebFrameMain instance.

samuelmaddock avatar Jul 29 '22 19:07 samuelmaddock

So if an iframe opens a child window. childWindow.webContents.opener will point to windowOwningIframe not the iframe itself?

MarshallOfSound avatar Jul 29 '22 19:07 MarshallOfSound

So if an iframe opens a child window. childWindow.webContents.opener will point to windowOwningIframe not the iframe itself?

opener returns an instance of RenderFrameHost which would be an iframe in that case. I based the docs definition off of MDN's description. Realizing now that "window" is ambiguous though.

samuelmaddock avatar Jul 29 '22 19:07 samuelmaddock

I feel like there must be a way to validate that a RFH is controlled by a particular security origin! Perhaps SiteInstance is the way here? render_frame_host()->GetSiteInstance()->GetSecurityOrigin() maybe? Though SiteInstance isn't reliable in the face of non-site-per-process process models.

I feel like going through WebContents here is weird and wrong though. If Site A has a cross-origin iframe B in it, and B opens a child window C, would C.webContents.opener give A.webContents? That seems bad!

nornagon avatar Aug 24 '22 22:08 nornagon

Is this no longer needed now that we have webFrameMain.origin?

nornagon avatar Sep 13 '22 16:09 nornagon

Is this no longer needed now that we have webFrameMain.origin?

Yeah, let's close unless we find another use case for it.

samuelmaddock avatar Sep 13 '22 16:09 samuelmaddock

Is this no longer needed now that we have webFrameMain.origin?

Yeah, let's close unless we find another use case for it.

samuelmaddock avatar Sep 13 '22 16:09 samuelmaddock

Isn't my issue that would have been fixed by this a use case? The origin from what I can tell by that PR is just the URL (unless I misinterpreted something).

pushkin- avatar Sep 13 '22 16:09 pushkin-

Isn't my issue that would have been fixed by this a use case? The origin from what I can tell by that PR is just the URL (unless I misinterpreted something).

Ah yes, sorry about that. I believe the API surface is small enough that there's little risk in introducing it.

@nornagon lmk you're thoughts on still merging this to address the linked issue.

samuelmaddock avatar Sep 13 '22 18:09 samuelmaddock

Release Notes Persisted

  • Added WebContents.opener to access window opener.
  • Added webContents.fromFrame(frame) to get the WebContents corresponding to a WebFrameMain instance.

release-clerk[bot] avatar Sep 26 '22 16:09 release-clerk[bot]

I have automatically backported this PR to "21-x-y", please check out #35819

trop[bot] avatar Sep 26 '22 16:09 trop[bot]