self-hosted/joplin
1
0
Fork 0
mirror of https://github.com/laurent22/joplin.git synced 2025-08-10 22:11:50 +02:00
Code Issues Releases Activity

Desktop: Fixes #12143: Disable WebView isolation by default, add feature flag (#12149)

Browse Source
This commit is contained in:
Henry Heino
2025-04-24 00:50:10 -07:00
committed by GitHub
parent 84d97e4120
commit 5f0e4bb598
2 changed files with 25 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
packages/app-desktop/services/plugins/UserWebview.tsx
View File

@@ -11,6 +11,7 @@ import { focus } from '@joplin/lib/utils/focusHandler';
import { WindowIdContext } from '../../gui/NewWindowOrIFrame';
import useSubmitHandler from './hooks/useSubmitHandler';
import useFormData from './hooks/useFormData';
import Setting from '@joplin/lib/models/Setting';
const logger = Logger.create('UserWebview');
@@ -121,12 +122,22 @@ function UserWebview(props: Props, ref: any) {
'--content-height': `${contentSize.height}px`,
} as React.CSSProperties), [contentSize.width, contentSize.height]);
const src = useMemo(() => {
const isolate = Setting.value('featureFlag.plugins.isolatePluginWebViews');
const path = `${__dirname}/UserWebviewIndex.html`;
if (isolate) {
return `joplin-content://plugin-webview/${path}`;
} else {
return `file://${path}`;
}
}, []);
return <iframe
id={props.viewId}
style={style}
className={`plugin-user-webview ${props.fitToContent ? '-fit-to-content' : ''} ${props.borderBottom ? '-border-bottom' : ''}`}
ref={viewRef}
src={`joplin-content://plugin-webview/${__dirname}/UserWebviewIndex.html`}
src={src}
></iframe>;
}

14
packages/lib/models/settings/builtInMetadata.ts
View File

@@ -1733,12 +1733,24 @@ const builtInMetadata = (Setting: typeof SettingType) => {
public: true,
storage: SettingStorage.File,
appTypes: [AppType.Desktop],
label: () => 'Stronger security controls in the Rich Text Editor',
label: () => 'Security: Stronger security controls in the Rich Text Editor',
description: () => 'Improves Rich Text Editor security by applying a strict content security policy to the Rich Text Editor\'s content.',
section: 'note',
isGlobal: true,
},
'featureFlag.plugins.isolatePluginWebViews': {
value: false,
type: SettingItemType.Bool,
public: true,
storage: SettingStorage.File,
appTypes: [AppType.Desktop],
label: () => 'Security: Improve plugin panel, editor, and dialog security',
description: () => 'Improves the security of plugin WebViews. This may break some plugins.',
section: 'note',
isGlobal: true,
},
'sync.allowUnsupportedProviders': {
value: -1,
type: SettingItemType.Int,