mailto link inside webxdc causes blank page

deltachat / deltachat-desktop

Email-based instant messaging for Desktop.

GNU General Public License v3.0

898 stars 166 forks source link

Closed adbenitez closed 9 months ago

adbenitez commented 11 months ago

Simon-Laux commented 11 months ago

we would need to upgrade electron for this or get rid of the iframe (FILL 500 hack)

Simon-Laux commented 11 months ago

this requires electron 25+

Simon-Laux commented 11 months ago

WofWca commented 10 months ago

get rid of the iframe (FILL 500 hack)

How would that work? I see that the wrapper is still used in #3381.

It looks to me like this piece of code does nothing, after the introduction of the WebRTC exfiltration mitigation:

Because all navigation is prevented anyway:

I might be wrong though.

Simon-Laux commented 10 months ago

We need to either get rid of the frame again or use an electron version that has the "will-frame-navigate" event.

Someone could also attempt to backport the event to electron 22, but that might be to complicated.

WofWca commented 10 months ago

How does "will-frame-navigate" help?

We want an <iframe> because:

Upon initial load, we want to execute the 500 hack before the app gets a chance to execute its code
If there is a page reload, we need to make sure to have 500 RTCPeerConnection at all times while the user script is active.

Does the new Electron allow to solve the reload problem?

Simon-Laux commented 10 months ago

How does "will-frame-navigate" help?

It allows us to use the code you mentioned in your previous comment again. Or have I missed something?

WofWca commented 10 months ago

Yeah, for "will-frame-navigate" that's true (I think), but I'm asking about how it's gonna help get rid of the wrapper <iframe>.

Simon-Laux commented 10 months ago

It won't, I said we "either" need one or the other, not both.

WofWca commented 10 months ago

Oh I see. How does the new Electron version allow to get rid of the 500 hack then?

Simon-Laux commented 10 months ago

How does the new Electron version allow to get rid of the 500 hack then?

no, this is just about the mailto: stuff discussed in this issue.

My communication seems lacks here, please tell me how to improve it.

WofWca commented 10 months ago

Ok, it's my bad, sorry 🤦‍♀️ I read

we would need to upgrade electron for this or get rid of the iframe (FILL 500 hack)

as "for this to get rid". I thought you have an idea of how to get rid of the <iframe>, it's why I keep asking.

Simon-Laux commented 9 months ago

looks like we did not even need the electron upgrade, in the end it was contents.setWindowOpenHandler()