mirror of
https://github.com/johannesjo/super-productivity.git
synced 2026-07-18 17:05:48 +00:00
* fix(plugins): harden node execution grants * fix(plugins): harden iframe bridge boundaries (#8208) * fix(plugins): harden iframe bridge boundaries * fix(plugins): tighten iframe bridge follow-up * test(plugins): make node-executor electron test hermetic The new plugin-node-executor test read the real built-in plugin manifest (src/assets/bundled-plugins/sync-md/manifest.json), which is a build artifact absent when 'npm run test:electron' runs in CI (before the frontend/plugin build). Stub the manifest read, scoped to the executor module via Module._load, so the grant/token/webContents assertions no longer depend on built plugin assets. * fix(plugins): allow iframe formatDate & getCurrentLanguage i18n methods The iframe API allow-list gate added in #8208 only listed a subset of the i18n methods that master's #8146 exposes to iframe plugins. Without this, plugin calls to formatDate/getCurrentLanguage (and translate) are rejected with 'Unknown API method'. Add all three so the merged gate matches the methods createBoundMethods/createPluginApiScript expose. * docs(plugins): document node-exec handoff bootstrap-ordering invariant The one-shot consumePluginNodeExecutionApi() handoff is defended by construction ordering, not structural isolation: PluginBridgeService must consume it before any plugin 'new Function' code runs (both share window.ea in one renderer realm). Document the invariant at the consumption site so a future lazy-service/early-plugin-load refactor can't silently regress it. Surfaced by the post-merge security review (latent finding; not currently exploitable). * fix(plugins): use static iframe sandbox attribute to avoid NG0910 Binding a security-sensitive iframe attribute (sandbox) via [attr.sandbox] makes Angular throw RuntimeError NG0910 and tear down the iframe, crashing the plugin view to the global error screen. This broke the plugin-iframe, plugin-loading and plugin-lifecycle e2e tests. Restore the static sandbox attribute (still without allow-same-origin, so the opaque-origin isolation from #8208 is preserved) and drop the now-unused iframeSandbox binding/import. |
||
|---|---|---|
| .. | ||
| assets | ||
| background | ||
| shared | ||
| ui | ||
| index.ts | ||
| manifest.json | ||
| setupTests.ts | ||
| types.d.ts | ||