Skip to content

Commit

Permalink
Add SecurityManager.canEmbed()
Browse files Browse the repository at this point in the history
  • Loading branch information
@GarboMuffin
GarboMuffin committed Aug 24, 2023
1 parent 6f335ec commit 621ccef
Show file tree
Hide file tree
Showing 5 changed files with 28 additions and 0 deletions.
1 change: 1 addition & 0 deletions src/extension-support/extension-worker.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,7 @@ Object.assign(global.Scratch, ScratchCommon, {
canReadClipboard: () => Promise.resolve(false),
canNotify: () => Promise.resolve(false),
canGeolocate: () => Promise.resolve(false),
canEmbed: () => Promise.resolve(false),
translate
});

Expand Down
9 changes: 9 additions & 0 deletions src/extension-support/tw-security-manager.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -143,6 +143,15 @@ class SecurityManager {
canGeolocate () {
return Promise.resolve(true);
}

/**
* Determine whether an extension is allowed to embed content from a given URL.
* @param {string} documentURL The URL of the embed.
* @returns {Promise<boolean>|boolean}
*/
canEmbed (documentURL) {
return Promise.resolve(true);
}
}

module.exports = SecurityManager;
2 changes: 2 additions & 0 deletions src/extension-support/tw-unsandboxed-extension-runner.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,8 @@ const setupUnsandboxedExtensionAPI = vm => new Promise(resolve => {

Scratch.canGeolocate = async () => vm.securityManager.canGeolocate();

Scratch.canEmbed = async url => vm.securityManager.canEmbed(url);

Scratch.fetch = async (url, options) => {
const actualURL = url instanceof Request ? url.url : url;
if (!await Scratch.canFetch(actualURL)) {
Expand Down
5 changes: 5 additions & 0 deletions test/unit/tw_sandboxed_extensions.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -131,3 +131,8 @@ test('canGeolocate', async t => {
t.equal(await global.Scratch.canGeolocate(), false);
t.end();
});

test('canEmbed', async t => {
t.equal(await global.Scratch.canEmbed('https://example.com/'), false);
t.end();
});
11 changes: 11 additions & 0 deletions test/unit/tw_unsandboxed_extensions.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -402,3 +402,14 @@ test('rewriteExtensionURL', async t => {
t.notOk(vm.extensionManager.isExtensionURLLoaded('https://turbowarp.org/rewritten.js'), 'does not mark new URL as loaded');
t.end();
});

test('canEmbed', async t => {
const vm = new VirtualMachine();
UnsandboxedExtensionRunner.setupUnsandboxedExtensionAPI(vm);

vm.securityManager.canEmbed = url => url === 'https://example.com/safe';
t.ok(await global.Scratch.canEmbed('https://example.com/safe'));
t.notOk(await global.Scratch.canEmbed('https://example.com/unsafe'));

t.end();
});

0 comments on commit 621ccef

Please sign in to comment.