Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement a node.js-free, sandboxed, context isolated renderer #92164

Closed
2 tasks
egamma opened this issue Mar 6, 2020 · 18 comments
Closed
2 tasks

Implement a node.js-free, sandboxed, context isolated renderer #92164

egamma opened this issue Mar 6, 2020 · 18 comments
Assignees
@bpasero @deepak1556 @alexdima @rzhao271
Labels
plan-item VS Code - planned item for upcoming sandbox Running VSCode in a node-free environment
Milestone
July 2022

Comments

@egamma
Copy link
Member

egamma commented Mar 6, 2020
edited by bpasero
Loading

We want to explore a model where the workbench in Electron does not access node.js APIs. In that model the Electron renderer process runs in sandboxed mode, much like any browser tab would do. Privileged code has to either move into a backend process and be accessible via IPC communication or into a preload script that exposes certain methods to the page.

July

Backlog

  • Tests:
    • common/browser: run in BrowserWindow with sandbox: true
    • node.js/electron-browser: run in ELECTRON_RUN_AS_NODE

Architecture

image
@egamma egamma added the plan-item VS Code - planned item for upcoming label Mar 6, 2020
@egamma egamma added this to the March 2020 milestone Mar 6, 2020
@kieferrm kieferrm mentioned this issue Mar 8, 2020
Closed
55 tasks
@jrieken
Copy link
Member

jrieken commented Mar 9, 2020

An "implict" node-dependency that's not listed here is code loading. Today, the loader uses the fs and vm-modules which allows for v8 cached data usage.

@bpasero
Copy link
Member

bpasero commented Mar 12, 2020
edited
Loading

Bootstrap sandboxed workbench code pointers:

  • enable sandbox & contextIsolation in window.ts
  • load something like a workbench-sandboxed.html from doGetUrl
  • this will likely fail early on because of our AMD loader requiring node.js for cached data etc. and some other things we depend on from window.js so we need something like workbench-sandboxed.js and possibly workbench-preload.js that work properly in this mode
  • instead of vs/workbench/workbench.desktop.main load a vs/workbench/workbench.desktop-sandboxed.main here with those things commented out that are not yet adopted
  • instead of vs/workbench/electron-browser/desktop.main, require a vs/workbench/browser/desktop-sandboxed.main here that brings up the workbench without depending on node.js

@bpasero bpasero added the sandbox Running VSCode in a node-free environment label Mar 24, 2020
@bpasero bpasero modified the milestones: March 2020, April 2020 Mar 27, 2020
@deepak1556 deepak1556 mentioned this issue Apr 13, 2020
Merged
@kieferrm kieferrm mentioned this issue Apr 14, 2020
Closed
45 tasks
@dbaeumer
Copy link
Member

@bpasero we shouldn't mix localization support in the Web with support for Node free renderer. We need a very different story for the Web whereas for a node free renderer we can still install the LP on the local disk. We can simply not access them from the renderer. So I will change the item (I have discussed it that way with @egamma as well)

@bpasero bpasero modified the milestones: April 2020, May 2020 Apr 27, 2020
@deepak1556 deepak1556 mentioned this issue May 8, 2020
Closed
@kieferrm kieferrm mentioned this issue May 10, 2020
Closed
61 tasks
@bpasero bpasero changed the title Exploration: node.js-free, sandboxed renderer node.js-free, sandboxed renderer May 24, 2020
@deepak1556 deepak1556 mentioned this issue May 27, 2020
Closed
13 tasks
@bpasero bpasero modified the milestones: May 2020, June 2020 May 29, 2020
@kieferrm kieferrm mentioned this issue Jun 13, 2020
Closed
57 tasks
@bpasero bpasero modified the milestones: June 2020, Backlog Jun 16, 2020
@bpasero bpasero modified the milestones: Backlog, On Deck Jun 25, 2020
@kieferrm kieferrm mentioned this issue Jul 10, 2020
Closed
49 tasks
@bpasero bpasero mentioned this issue Jul 20, 2020
Closed
This was referenced Aug 16, 2020
Closed
Closed
@kieferrm kieferrm mentioned this issue Jun 13, 2021
Closed
72 tasks
@bpasero bpasero mentioned this issue Jun 17, 2021
Closed
mjbvz added a commit that referenced this issue Jul 6, 2021
@mjbvz
Switch entirely to iframe based webviews on desktop
2222f3c 
Fixes #83188
Part of #92164

Removes our usage of the electron `<webview>` tag
This was referenced Jul 11, 2021
Closed
Closed
@kieferrm kieferrm mentioned this issue Aug 8, 2021
Closed
91 tasks
@bpasero bpasero mentioned this issue Aug 25, 2021
Closed
@Tyriar
Copy link
Member

Tyriar commented Aug 27, 2021

FYI following up on #116337, I believe the slowness I sometimes see with terminals is a result of the multiple process jumps since we can't communicate directly between the renderer and pty host yet. Was there an issue tracking this direct channel between renderer to arbitrary node process?

@bpasero
Copy link
Member

bpasero commented Aug 27, 2021

@Tyriar we had it on our project board, but not as issue. I converted it to one and suggest you ping Deepak about status: #131798

@bpasero bpasero mentioned this issue Sep 3, 2021
Closed
@egamma egamma mentioned this issue Sep 6, 2021
Closed
99 tasks
@metmeylmz

This comment has been minimized.

Sign in to view
@kieferrm kieferrm mentioned this issue Nov 7, 2021
Closed
82 tasks
@kieferrm kieferrm mentioned this issue Dec 21, 2021
Closed
91 tasks
@sandy081
Copy link
Member

sandy081 commented Jan 4, 2022

CachedExtensionScanner is owned by @alexdima and hence removing my name.

@alexdima alexdima self-assigned this Jan 11, 2022
@kieferrm kieferrm mentioned this issue Feb 7, 2022
Closed
81 tasks
@wzhudev
Copy link

wzhudev commented Feb 18, 2022
edited
Loading

Will floating window get supported (or easier to implement) under this new architecture?

@bpasero
Copy link
Member

bpasero commented Feb 18, 2022

No, it should not have any impact on that.

@kieferrm kieferrm mentioned this issue Mar 6, 2022
Closed
87 tasks
@kieferrm kieferrm mentioned this issue Apr 3, 2022
Closed
@kieferrm kieferrm mentioned this issue Apr 26, 2022
Closed
15 tasks
@kieferrm kieferrm mentioned this issue May 7, 2022
Closed
99 tasks
@bpasero bpasero modified the milestones: On Deck, July 2022 Jul 4, 2022
@bpasero bpasero mentioned this issue Jul 4, 2022
Closed
@deepak1556 deepak1556 mentioned this issue Jul 4, 2022
Open
@bpasero
Copy link
Member

bpasero commented Jul 22, 2022

I think it is about time to close this one, insider builds are out on all platforms that allow to enable the sandbox via "window.experimental.useSandbox": true and #155827 is a test plan item to verify it works.

Remaining issues are tracked with sandbox label: sandbox Running VSCode in a node-free environment

Thinking on the timeline:

  • enable sandbox by default in insiders in August
  • enable sandbox by default in stable in September/October pending issues found

🥇

@bpasero bpasero closed this as completed Jul 22, 2022
@github-actions github-actions bot locked and limited conversation to collaborators Sep 5, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@bpasero bpasero

@deepak1556 deepak1556

@alexdima alexdima

@rzhao271 rzhao271

Labels
plan-item VS Code - planned item for upcoming sandbox Running VSCode in a node-free environment
Projects
None yet
Milestone
July 2022
Development

No branches or pull requests
13 participants
@egamma @bpasero @deepak1556 @jrieken @dbaeumer @Tyriar @alexdima @rzhao271 @sandy081 @wzhudev @mjbvz @metmeylmz and others