bunite-core 0.12.1 → 0.16.0

package/src/native/win/native_host_internal.h

@@ -34,9 +34,11 @@
 #include "include/cef_app.h"
 #include "include/cef_browser.h"
 #include "include/cef_client.h"
+#include "include/cef_devtools_message_observer.h"
 #include "include/cef_command_line.h"
 #include "include/cef_parser.h"
 #include "include/cef_permission_handler.h"
+#include "include/cef_jsdialog_handler.h"
 #include "include/cef_resource_handler.h"
 #include "include/cef_resource_request_handler.h"
 #include "include/cef_scheme.h"
@@ -97,6 +99,27 @@ struct ViewHost {
   std::atomic<bool> closing = false;
   CefRefPtr<CefBrowser> browser;
   CefRefPtr<CefClient> client;
+  // DevTools observer registration — kept alive for the life of the view so
+  // CDP method results (screenshot etc.) can route back to bunite handlers.
+  CefRefPtr<CefRegistration> devtools_registration;
+
+  // Page-initiated dialog callbacks held until host responds via
+  // `respondToDialogRequest`. CEF holds the page execution while we wait.
+  std::unordered_map<uint32_t, CefRefPtr<CefJSDialogCallback>> pending_dialogs;
+  uint32_t next_dialog_request_id = 1;
+
+  // Download policy: 0=auto, 1=ask, 2=block. Default block.
+  std::atomic<int32_t> download_policy{2};
+  std::string download_dir;
+
+  // True for ViewHosts minted by OnBeforePopup; popup_accept binds them to a
+  // user window, popup_dismiss destroys them.
+  bool is_popup_pending = false;
+  // If popup_accept arrives before OnAfterCreated, stash parameters; the
+  // browser-create completion applies them.
+  struct PendingPopupAccept { uint32_t host_window_id; double x, y, w, h; };
+  std::optional<PendingPopupAccept> pending_popup_accept;
+  bool popup_dismiss_requested = false;
 
   // Pending state: applied in OnAfterCreated when browser HWND becomes available.
   bool pending_visible = true;
@@ -104,6 +127,12 @@ struct ViewHost {
   bool pending_passthrough = false;
   bool has_pending_bounds = false;
   RECT pending_bounds{0, 0, 0, 0};
+
+  // OOPIF input dispatch — populated by Target.attachedToTarget events after
+  // lazy Target.setAutoAttach. frameId → sessionId for flatten:true routing.
+  std::atomic<bool> oopif_autoattach_armed = false;
+  std::mutex oopif_sessions_mutex;
+  std::unordered_map<std::string, std::string> oopif_sessions;  // frameId → sessionId
 };
 
 struct WindowHost {
@@ -198,6 +227,9 @@ bool shouldAllowNavigation(const ViewHost* view, const std::string& url);
 void emitWindowEvent(uint32_t window_id, const char* event_name, const std::string& payload = {});
 void emitWebviewEvent(uint32_t view_id, const char* event_name, const std::string& payload = {});
 
+// Bind a popup ViewHost (created by OnBeforePopup) to a user window + bounds.
+void applyPopupAccept(ViewHost* view, uint32_t host_window_id, double x, double y, double w, double h);
+
 std::string normalizeAppResPath(const std::string& url);
 std::string getMimeType(const std::filesystem::path& file_path);
 std::string getAppResRootForView(uint32_t view_id);
@@ -214,6 +246,9 @@ void finalizeWindowHost(WindowHost* window);                // [UI thread]
 void openDevToolsForView(ViewHost* view);                   // [CEF UI thread]
 void closeDevToolsForView(ViewHost* view);                  // [CEF UI thread]
 void toggleDevToolsForView(ViewHost* view);                 // [CEF UI thread]
+void registerCdpObserverForView(ViewHost* view);            // [CEF UI thread]
+void respondToDialogRequest(ViewHost* view, uint32_t request_id,
+                            bool accept, const std::string& text);  // [CEF UI thread]
 bool initializeCefOnUiThread();                             // [UI thread]
 void shutdownCefOnUiThread();                               // [UI thread]
 void cancelPendingPermissionRequestsOnUiThread();           // [CEF UI thread]

package/src/native/win/native_host_utils.cpp

@@ -211,7 +211,8 @@ std::vector<std::string> parseNavigationRulesJson(const std::string& rules_json)
 }
 
 bool shouldAlwaysAllowNavigationUrl(const std::string& url) {
-  return url == "about:blank" || url.rfind("appres://app.internal/internal/", 0) == 0;
+  // Exact-match — prefix would let `../../evil` style paths bypass scrutiny.
+  return url == "about:blank" || url == "appres://app.internal/internal/index.html";
 }
 
 uint32_t cefPermissionsToBuniteKind(uint32_t cef_bits) {

package/src/native/win/process_helper_win.cpp

@@ -48,10 +48,10 @@ public:
     std::string script = args->GetString(1).ToString();
 
     auto context = frame->GetV8Context();
+    auto reply = CefProcessMessage::Create("bunite.evaluate.result");
+    auto rl = reply->GetArgumentList();
+    rl->SetInt(0, static_cast<int>(request_id));
     if (!context) {
-      auto reply = CefProcessMessage::Create("bunite.evaluate.result");
-      auto rl = reply->GetArgumentList();
-      rl->SetInt(0, static_cast<int>(request_id));
       rl->SetBool(1, false);
       rl->SetString(2, "runtime_error");
       rl->SetString(3, "no V8 context");
@@ -59,37 +59,64 @@ public:
       return true;
     }
 
+    // Same wrapper as WebView2/mac/linux: try/catch returning a JSON envelope
+    // string. SecurityError is detected locale-independently inside the JS.
+    std::string wrapped =
+        "(function(){try{return JSON.stringify({__bunite_ok:true,value:(" + script +
+        ")})}catch(e){var c=(e&&e.name===\"SecurityError\")?\"cross_origin\":\"runtime_error\";"
+        "return JSON.stringify({__bunite_ok:false,code:c,"
+        "message:(e&&e.message)?e.message:String(e),"
+        "name:(e&&e.name)||\"\"})}})()";
+
     context->Enter();
     CefRefPtr<CefV8Value> retval;
     CefRefPtr<CefV8Exception> exception;
-    bool ok = context->Eval(script, "bunite://evaluate", 0, retval, exception);
-
-    auto reply = CefProcessMessage::Create("bunite.evaluate.result");
-    auto rl = reply->GetArgumentList();
-    rl->SetInt(0, static_cast<int>(request_id));
-    if (ok && retval) {
-      // V8 JSON.stringify for cross-process transport.
-      auto global = context->GetGlobal();
-      auto json_obj = global->GetValue("JSON");
-      auto stringify = json_obj ? json_obj->GetValue("stringify") : nullptr;
-      std::string json_str;
-      if (stringify && stringify->IsFunction()) {
-        CefV8ValueList args2; args2.push_back(retval);
-        auto json_v = stringify->ExecuteFunction(json_obj, args2);
-        if (json_v && json_v->IsString()) json_str = json_v->GetStringValue().ToString();
+    bool ok = context->Eval(wrapped, "bunite://evaluate", 0, retval, exception);
+
+    if (ok && retval && retval->IsString()) {
+      std::string inner = retval->GetStringValue().ToString();
+      if (inner.find("\"__bunite_ok\":true") != std::string::npos) {
+        static const std::string prefix = "{\"__bunite_ok\":true,\"value\":";
+        std::string value_json = "null";
+        if (inner.compare(0, prefix.size(), prefix) == 0 &&
+            inner.size() > prefix.size() + 1) {
+          value_json = inner.substr(prefix.size(), inner.size() - prefix.size() - 1);
+        }
+        rl->SetBool(1, true);
+        rl->SetString(2, value_json);
+        rl->SetString(3, "");
+      } else {
+        // Anchor at the envelope prefix — user-controlled e.message could
+        // otherwise inject a fake "code" via the substring scan above.
+        static const std::string codePrefix = "{\"__bunite_ok\":false,\"code\":\"";
+        std::string code = "runtime_error";
+        std::string msg = "script threw";
+        if (inner.compare(0, codePrefix.size(), codePrefix) == 0) {
+          size_t start = codePrefix.size();
+          size_t end = start;
+          while (end < inner.size() && inner[end] != '"') ++end;
+          if (end > start) code = inner.substr(start, end - start);
+          static const std::string msgKey = "\",\"message\":\"";
+          if (end + msgKey.size() <= inner.size() &&
+              inner.compare(end, msgKey.size(), msgKey) == 0) {
+            size_t mstart = end + msgKey.size();
+            size_t mend = mstart;
+            while (mend < inner.size()) {
+              if (inner[mend] == '"' && (mend == mstart || inner[mend - 1] != '\\')) break;
+              ++mend;
+            }
+            if (mend > mstart) msg = inner.substr(mstart, mend - mstart);
+          }
+        }
+        rl->SetBool(1, false);
+        rl->SetString(2, code);
+        rl->SetString(3, msg);
       }
-      if (json_str.empty()) json_str = "null";
-      rl->SetBool(1, true);
-      rl->SetString(2, json_str);
-      rl->SetString(3, "");
     } else {
+      // Wrapper itself failed (syntax error in user script, or V8 internal).
       std::string msg = exception ? exception->GetMessage().ToString() : "eval failed";
-      // SecurityError typically arises from cross-origin reach.
-      std::string code = (msg.find("SecurityError") != std::string::npos ||
-                          msg.find("cross-origin") != std::string::npos)
-                         ? "cross_origin" : "runtime_error";
       rl->SetBool(1, false);
-      rl->SetString(2, code);
+      rl->SetString(2, "runtime_error");
       rl->SetString(3, msg);
     }
     context->Exit();