feat: enable sandbox for proxy auth window (#100907)

* feat: enable sandbox for proxy auth window

* webContents.send uses structured clone algorithm

* mv electron-browser/auth.* => electron-sandbox

src/vs/code/electron-main/auth.ts

@@ -6,6 +6,7 @@
 import { localize } from 'vs/nls';
 import { Disposable } from 'vs/base/common/lifecycle';
 import { Event } from 'vs/base/common/event';
+import { URI } from 'vs/base/common/uri';
 import { BrowserWindow, BrowserWindowConstructorOptions, app, AuthInfo, WebContents, Event as ElectronEvent } from 'electron';
 
 type LoginEvent = {
@@ -58,10 +59,12 @@ export class ProxyAuthHandler extends Disposable {
 			show: true,
 			title: 'VS Code',
 			webPreferences: {
-				nodeIntegration: true,
+				preload: URI.parse(require.toUrl('vs/base/parts/sandbox/electron-browser/preload.js')).fsPath,
 				enableWebSQL: false,
+				sandbox: true,
+				devTools: false,
 				enableRemoteModule: false,
-				nativeWindowOpen: true
+				v8CacheOptions: 'bypassHeatCheck'
 			}
 		};
 
@@ -72,24 +75,27 @@ export class ProxyAuthHandler extends Disposable {
 		}
 
 		const win = new BrowserWindow(opts);
-		const config = {};
-		const baseUrl = require.toUrl('vs/code/electron-browser/proxy/auth.html');
-		const url = `${baseUrl}?config=${encodeURIComponent(JSON.stringify(config))}`;
+		const url = require.toUrl('vs/code/electron-sandbox/proxy/auth.html');
 		const proxyUrl = `${authInfo.host}:${authInfo.port}`;
 		const title = localize('authRequire', "Proxy Authentication Required");
 		const message = localize('proxyauth', "The proxy {0} requires authentication.", proxyUrl);
-		const data = { title, message };
-		const javascript = 'promptForCredentials(' + JSON.stringify(data) + ')';
 
 		const onWindowClose = () => cb('', '');
 		win.on('close', onWindowClose);
 
 		win.setMenu(null);
-		win.loadURL(url);
-		win.webContents.executeJavaScript(javascript, true).then(({ username, password }: Credentials) => {
-			cb(username, password);
+		win.webContents.on('did-finish-load', () => {
+			const data = { title, message };
+			win.webContents.send('vscode:openProxyAuthDialog', data);
+		});
+		win.webContents.on('ipc-message', (event, channel, credentials: Credentials) => {
+			if (channel === 'vscode:proxyAuthResponse') {
+				const { username, password } = credentials;
+				cb(username, password);
+			}
 			win.removeListener('close', onWindowClose);
 			win.close();
 		});
+		win.loadURL(url);
 	}
 }

src/vs/code/electron-browser/proxy/auth.html → src/vs/code/electron-sandbox/proxy/auth.html

@@ -5,7 +5,7 @@
 <head>
 	<meta charset="utf-8" />
 	<meta http-equiv="Content-Security-Policy"
-		content="default-src 'none'; img-src 'self' https: data:; media-src 'none'; child-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' https:; font-src 'self' https:;">
+		content="default-src 'none'; img-src 'self' https: data:; media-src 'none'; child-src 'self'; object-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' https:; font-src 'self' https:;">
 	<style>
 		html,
 		body {
@@ -78,43 +78,6 @@
 	</section>
 </body>
 
-<script>
-
-	function promptForCredentials(data) {
-		return new Promise((c, e) => {
-			const $title = document.getElementById('title');
-			const $username = document.getElementById('username');
-			const $password = document.getElementById('password');
-			const $form = document.getElementById('form');
-			const $cancel = document.getElementById('cancel');
-			const $message = document.getElementById('message');
-
-			function submit() {
-				c({ username: $username.value, password: $password.value });
-				return false;
-			};
-
-			function cancel() {
-				c({ username: '', password: '' });
-				return false;
-			};
-
-			$form.addEventListener('submit', submit);
-			$cancel.addEventListener('click', cancel);
-
-			document.body.addEventListener('keydown', function (e) {
-				switch (e.keyCode) {
-					case 27: e.preventDefault(); e.stopPropagation(); return cancel();
-					case 13: e.preventDefault(); e.stopPropagation(); return submit();
-				}
-			});
-
-			$title.textContent = data.title;
-			$message.textContent = data.message;
-			$username.focus();
-		});
-	}
-
-</script>
+<script src="auth.js"></script>
 
 </html>

src/vs/code/electron-sandbox/proxy/auth.js

+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+
+'use strict';
+
+const { ipcRenderer } = window.vscode;
+
+function promptForCredentials(data) {
+	return new Promise((c, e) => {
+		const $title = document.getElementById('title');
+		const $username = document.getElementById('username');
+		const $password = document.getElementById('password');
+		const $form = document.getElementById('form');
+		const $cancel = document.getElementById('cancel');
+		const $message = document.getElementById('message');
+
+		function submit() {
+			c({ username: $username.value, password: $password.value });
+			return false;
+		}
+
+		function cancel() {
+			c({ username: '', password: '' });
+			return false;
+		}
+
+		$form.addEventListener('submit', submit);
+		$cancel.addEventListener('click', cancel);
+
+		document.body.addEventListener('keydown', function (e) {
+			switch (e.keyCode) {
+				case 27: e.preventDefault(); e.stopPropagation(); return cancel();
+				case 13: e.preventDefault(); e.stopPropagation(); return submit();
+			}
+		});
+
+		$title.textContent = data.title;
+		$message.textContent = data.message;
+		$username.focus();
+	});
+}
+
+ipcRenderer.on('vscode:openProxyAuthDialog', async (event, data) => {
+	const response = await promptForCredentials(data);
+	ipcRenderer.send('vscode:proxyAuthResponse', response);
+});