Merge pull request #1419 from crypto-com/fix/isolation

feat: enable contextIsolation in DAppBrowser

Author: crypto-matto

package.json

@@ -9,7 +9,7 @@
   "main": "build/electron/main.js",
   "private": true,
   "scripts": {
-    "run-audit": "yarn audit-ci --high -a 1094574 1094894",
+    "run-audit": "yarn audit-ci --high -a 1094574 1096494 1096640",
     "start": "node scripts/start.js",
     "build": "cross-env NODE_OPTIONS=--max_old_space_size=8192 && yarn clean-builds && node scripts/build.js",
     "test": "node scripts/test.js --watchAll=false",

src/pages/dapp/browser/DappBrowser.tsx

@@ -120,6 +120,12 @@ const DappBrowser = forwardRef<DappBrowserRef, DappBrowserProps>((props: DappBro
     errorCallback: Function;
   }>();
 
+  useEffect(() => {
+    if (isDOMReady && cronosAsset) {
+      webviewRef.current?.send('getAddress', [cronosAsset.address!]);
+    }
+  }, [cronosAsset, isDOMReady]);
+
   const onRequestAddress = useRefCallback((onSuccess: (address: string) => void) => {
     onSuccess(cronosAsset?.address!);
   });
@@ -425,7 +431,7 @@ const DappBrowser = forwardRef<DappBrowserRef, DappBrowserProps>((props: DappBro
         preload={ProviderPreloadScriptPath}
         ref={webviewRef}
         allowpopups={'true' as any}
-        webpreferences="contextIsolation=false, nodeIntegration=false, javascript=yes, allowpopup=yes"
+        webpreferences="contextIsolation=true, sandbox=true, nodeIntegration=false, javascript=yes, allowpopup=yes"
         useragent={window.navigator.userAgent.replace(
           'chain-desktop-wallet',
           'Desktop Wallet Build',

src/pages/dapp/browser/preload.js

@@ -1,8 +1,7 @@
 // !! if you change the location of this file, remember to change `extraResources` in package.json as well !!
 /* eslint-disable max-classes-per-file */
 /* eslint-disable */
-const { Buffer } = require('buffer');
-const { ipcRenderer } = require('electron');
+const { ipcRenderer, contextBridge } = require('electron');
 const EventEmitter = require('events');
 
 class RPCServer {
@@ -568,4 +567,107 @@ const providerConfig = {
   rpcUrl: 'https://evm.cronos.org',
   isDebug: true,
 };
-window.ethereum = new window.desktopWallet.Provider(providerConfig);
+
+const provider = new Web3Provider(providerConfig);
+
+ipcRenderer.on('getAddress', (event, args) => {
+  const address = args[0];
+
+  contextBridge.exposeInMainWorld('ethereum', {
+    address,
+    ready: true,
+    isDesktopWallet: true,
+    setConfig: (config, emitChanges) => {
+      provider.setConfig(config, emitChanges);
+    },
+    request: payload => {
+      return provider.request(payload);
+    },
+    setAddress: address => {
+      provider.setAddress(address);
+    },
+    sendResponse: (id, result) => {
+      provider.sendResponse(id, result);
+    },
+    sendError: (id, error) => {
+      provider.sendError(id, error);
+    },
+    eth_accounts: () => {
+      return provider.eth_accounts();
+    },
+    eth_coinbase: () => {
+      return provider.eth_coinbase();
+    },
+    net_version: () => {
+      return provider.net_version();
+    },
+    eth_chainId: () => {
+      return provider.eth_chainId();
+    },
+    eth_sign: payload => {
+      return provider.eth_sign(payload);
+    },
+    personal_sign: payload => {
+      return provider.personal_sign(payload);
+    },
+    personal_ecRecover: payload => {
+      return provider.personal_ecRecover(payload);
+    },
+    eth_signTypedData: (payload, useV4) => {
+      return provider.eth_signTypedData(payload, useV4);
+    },
+    eth_sendTransaction: payload => {
+      return provider.eth_sendTransaction(payload);
+    },
+    eth_requestAccounts: payload => {
+      return provider.eth_requestAccounts(payload);
+    },
+    wallet_watchAsset: payload => {
+      return provider.wallet_watchAsset(payload);
+    },
+    wallet_addEthereumChain: payload => {
+      return provider.wallet_addEthereumChain(payload);
+    },
+    wallet_switchEthereumChain: payload => {
+      return provider.wallet_switchEthereumChain(payload);
+    },
+    isConnected: () => {
+      return provider.isConnected();
+    },
+    enable: () => {
+      return provider.enable();
+    },
+    send: payload => {
+      return provider.send(payload);
+    },
+    sendAsync: (payload, callback) => {
+      return provider.sendAsync(payload, callback);
+    },
+    addEventListener: (event, callback) => {
+      provider.addListener(event, callback);
+    },
+    on: (event, callback) => {
+      provider.on(event, callback);
+    },
+    once: (event, callback) => {
+      provider.once(event, callback);
+    },
+    removeListener: (event, callback) => {
+      provider.removeListener(event, callback);
+    },
+    removeAllListeners: event => {
+      provider.removeAllListeners(event);
+    },
+    emit: (event, ...args) => {
+      provider.emit(event, ...args);
+    },
+  })
+  contextBridge.exposeInMainWorld('desktopWallet', {
+    Provider: Web3Provider,
+    postMessage: arg => {
+      ipcRenderer.sendToHost('dapp', arg);
+    },
+  })
+  
+})
+

yarn.lock

@@ -5547,9 +5547,9 @@ asap@~2.0.6:
   integrity sha1-5QNHYR1+aQlDIIu9r+vLwvuGbUY=
 
 asar@^3.1.0:
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/asar/-/asar-3.1.0.tgz#70b0509449fe3daccc63beb4d3c7d2e24d3c6473"
-  integrity sha512-vyxPxP5arcAqN4F/ebHd/HhwnAiZtwhglvdmc7BR2f0ywbVNTOpSeyhLDbGXtE/y58hv1oC75TaNIXutnsOZsQ==
+  version "3.2.0"
+  resolved "https://registry.yarnpkg.com/asar/-/asar-3.2.0.tgz#e6edb5edd6f627ebef04db62f771c61bea9c1221"
+  integrity sha512-COdw2ZQvKdFGFxXwX3oYh2/sOsJWJegrdJCGxnN4MZ7IULgRBp9P6665aqj9z1v9VwP4oP1hRBojRDQ//IGgAg==
   dependencies:
     chromium-pickle-js "^0.2.0"
     commander "^5.0.0"
@@ -6374,13 +6374,13 @@ buffer-crc32@~0.2.3:
 
 buffer-equal@1.0.0:
   version "1.0.0"
-  resolved "https://registry.yarnpkg.com/buffer-equal/-/buffer-equal-1.0.0.tgz"
-  integrity sha1-WWFrSYME1Var1GaWayLu2j7KX74=
+  resolved "https://registry.yarnpkg.com/buffer-equal/-/buffer-equal-1.0.0.tgz#59616b498304d556abd466966b22eeda3eca5fbe"
+  integrity sha512-tcBWO2Dl4e7Asr9hTGcpVrCe+F7DubpmqWCTbj4FHLmjqO2hIaC383acQubWtRJhdceqs5uBHs6Es+Sk//RKiQ==
 
 buffer-fill@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/buffer-fill/-/buffer-fill-1.0.0.tgz#f8f78b76789888ef39f205cd637f68e702122b2c"
-  integrity sha1-+PeLdniYiO858gXNY39o5wISKyw=
+  integrity sha512-T7zexNBwiiaCOGDg9xNX9PBmjrubblRkENuptryuI64URkXDFum9il/JGL8Lm8wYfAXpredVXXZz7eMHilimiQ==
 
 buffer-from@^1.0.0:
   version "1.1.2"
@@ -7036,8 +7036,8 @@ colorette@^1.2.1, colorette@^1.2.2:
 
 colors@1.0.3:
   version "1.0.3"
-  resolved "https://registry.yarnpkg.com/colors/-/colors-1.0.3.tgz"
-  integrity sha1-BDP0TYCWgP3rYO0mDxsMJi6CpAs=
+  resolved "https://registry.yarnpkg.com/colors/-/colors-1.0.3.tgz#0433f44d809680fdeb60ed260f1b0c262e82a40b"
+  integrity sha512-pFGrxThWcWQ2MsAz6RtgeWe4NK2kUE1WfsrvvlctdII745EW9I0yflqhe7++M5LEc7bV2c/9/5zc8sFcpL0Drw==
 
 combined-stream@^1.0.6, combined-stream@^1.0.8, combined-stream@~1.0.6:
   version "1.0.8"
@@ -7068,8 +7068,8 @@ command-line-usage@^6.1.0:
 
 commander@2.9.0:
   version "2.9.0"
-  resolved "https://registry.yarnpkg.com/commander/-/commander-2.9.0.tgz"
-  integrity sha1-nJkJQXbhIkDLItbFFGCYQA/g99Q=
+  resolved "https://registry.yarnpkg.com/commander/-/commander-2.9.0.tgz#9c99094176e12240cb22d6c5146098400fe0f7d4"
+  integrity sha512-bmkUukX8wAOjHdN26xj5c4ctEV22TQ7dQYhSmuckKhToXrkUn0iIaolHdIxYYqD55nhpSPA9zPQ1yP57GdXP2A==
   dependencies:
     graceful-readlink ">= 1.0.0"
 
@@ -8335,7 +8335,7 @@ diffie-hellman@^5.0.0:
 
 dir-compare@^2.4.0:
   version "2.4.0"
-  resolved "https://registry.yarnpkg.com/dir-compare/-/dir-compare-2.4.0.tgz"
+  resolved "https://registry.yarnpkg.com/dir-compare/-/dir-compare-2.4.0.tgz#785c41dc5f645b34343a4eafc50b79bac7f11631"
   integrity sha512-l9hmu8x/rjVC9Z2zmGzkhOEowZvW7pmYws5CWHutg8u1JgvsKWMx7Q/UODeu4djLZ4FgW5besw5yvMQnBHzuCA==
   dependencies:
     buffer-equal "1.0.0"
@@ -8731,7 +8731,7 @@ emoji-regex@^8.0.0:
 
 emoji-regex@^9.0.0:
   version "9.2.2"
-  resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-9.2.2.tgz"
+  resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-9.2.2.tgz#840c8803b0d8047f4ff0cf963176b32d4ef3ed72"
   integrity sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==
 
 emojis-list@^3.0.0:
@@ -10669,8 +10669,8 @@ graceful-fs@^4.2.9:
 
 "graceful-readlink@>= 1.0.0":
   version "1.0.1"
-  resolved "https://registry.yarnpkg.com/graceful-readlink/-/graceful-readlink-1.0.1.tgz"
-  integrity sha1-TK+tdrxi8C+gObL5Tpo906ORpyU=
+  resolved "https://registry.yarnpkg.com/graceful-readlink/-/graceful-readlink-1.0.1.tgz#4cafad76bc62f02fa039b2f94e9a3dd3a391a725"
+  integrity sha512-8tLu60LgxF6XpdbK8OW3FA+IfTNBn1ZHGHKF4KQbEeSkajYw5PlYJcKluntgegDPTg8UkHjpet1T82vk6TQ68w==
 
 growl@1.10.5:
   version "1.10.5"