Facebook/react
1
0
Fork 0
mirror of https://github.com/facebook/react.git synced 2025-11-01 09:12:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
dev-tools-dynamic-auto-theme
react/packages/react-devtools-extensions/src/contentScripts/fileFetcher.js
T
Ruslan Lesiutin 09285d5a7f refactor[devtools/extension]: refactored messaging logic across different parts of the extension (#27417) 
1.
https://github.com/bvaughn/react/commit/9fc04eaf3fb701cdc14f57d5aed48f3126af6c94#diff-2c5e1f5e80e74154e65b2813cf1c3638f85034530e99dae24809ab4ad70d0143
introduced a vulnerability: we listen to `'fetch-file-with-cache'` event
from `window` to fetch sources of the file, in which we want to parse
hook names. We send this event via `window`, which means any page can
also use this and manipulate the extension to perform some `fetch()`
calls. With these changes, instead of transporting message via `window`,
we have a distinct content script, which is responsible for fetching
sources. It is notified via `chrome.runtime.sendMessage` api, so it
can't be manipulated.
2. Consistent structure of messages `{source: string, payload: object}`
in different parts of the extension
3. Added some wrappers around `chrome.scripting.executeScript` API in
`packages/react-devtools-extensions/src/background/executeScript.js`,
which support custom flow for Firefox, to simulate support of
`ExecutionWorld.MAIN`.
2023-09-25 12:02:13 -04:00

49 lines
1.0 KiB
JavaScript
Raw Permalink Blame History

/* global chrome */
function fetchResource(url) {
const reject = value => {
chrome.runtime.sendMessage({
source: 'react-devtools-fetch-resource-content-script',
payload: {
type: 'fetch-file-with-cache-error',
url,
value,
},
});
};
const resolve = value => {
chrome.runtime.sendMessage({
source: 'react-devtools-fetch-resource-content-script',
payload: {
type: 'fetch-file-with-cache-complete',
url,
value,
},
});
};
fetch(url, {cache: 'force-cache'}).then(
response => {
if (response.ok) {
response
.text()
.then(text => resolve(text))
.catch(error => reject(null));
} else {
reject(null);
}
},
error => reject(null),
);
}
chrome.runtime.onMessage.addListener(message => {
if (
message?.source === 'devtools-page' &&
message?.payload?.type === 'fetch-file-with-cache'
) {
fetchResource(message.payload.url);
}
});
Reference in New Issue View Git Blame Copy Permalink