worldSafeExecuteJavaScript support

source/app.js

@@ -275,7 +275,11 @@ class Application {
             useContentSize: true,
             resizable: true,
             fullscreenable: false,
-            webPreferences: { nodeIntegration: true }
+            webPreferences: {
+                nodeIntegration: true,
+                contextIsolation: true,
+                worldSafeExecuteJavaScript: true
+            }
         };
         if (process.platform === 'darwin') {
             options.title = '';
@@ -634,7 +638,13 @@ class View {
             minHeight: 400,
             width: size.width > 1024 ? 1024 : size.width,
             height: size.height > 768 ? 768 : size.height,
-            webPreferences: { nodeIntegration: true, enableRemoteModule: true }
+            webPreferences: {
+                preload: path.join(__dirname, 'electron.js'),
+                nodeIntegration: true,
+                contextIsolation: true,
+                worldSafeExecuteJavaScript: true,
+                enableRemoteModule: true
+            }
         };
         if (this._owner.count > 0 && View._position && View._position.length == 2) {
             options.x = View._position[0] + 30;

source/electron.html

@@ -3,7 +3,7 @@
 <head>
 <meta charset="utf-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
-<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline';">
+<meta http-equiv="Content-Security-Policy" content="script-src 'self';">
 <title>Netron</title>
 <link rel="stylesheet" type="text/css" href="view-grapher.css">
 <link rel="stylesheet" type="text/css" href="view-sidebar.css">
@@ -179,6 +179,5 @@ body { margin: 0; width: 100vw; height: 100vh; font-family: -apple-system, Blink
     </button>
 </div>
 <div id="sidebar" class="sidebar"></div>
-<script type="text/javascript">require('./electron');</script>
 </body>
 </html>

source/electron.js

@@ -8,10 +8,6 @@ const http = require('http');
 const https = require('https');
 const process = require('process');
 const path = require('path');
-const view = require('./view');
-
-global.protobuf = require('./protobuf');
-global.flatbuffers = require('./flatbuffers');
 
 host.ElectronHost = class {
 
@@ -337,7 +333,7 @@ host.ElectronHost = class {
         if (file) {
             this._view.show('welcome spinner');
             this._readFile(file).then((buffer) => {
-                const context = new ElectonContext(this, path.dirname(file), path.basename(file), buffer);
+                const context = new host.ElectronHost.ElectonContext(this, path.dirname(file), path.basename(file), buffer);
                 this._view.open(context).then((model) => {
                     this._view.show(null);
                     if (model) {
@@ -440,7 +436,7 @@ host.ElectronHost = class {
     }
 };
 
-class ElectonContext {
+host.ElectronHost.ElectonContext = class {
 
     constructor(host, folder, identifier, buffer) {
         this._host = host;
@@ -460,6 +456,11 @@ class ElectonContext {
     get buffer() {
         return this._buffer;
     }
-}
+};
 
-window.__view__ = new view.View(new host.ElectronHost());
+window.addEventListener('load', () => {
+    global.protobuf = require('./protobuf');
+    global.flatbuffers = require('./flatbuffers');
+    const view = require('./view');
+    window.__view__ = new view.View(new host.ElectronHost());
+});

source/index.js

@@ -426,7 +426,7 @@ host.BrowserHost = class {
         url = url + ((/\?/).test(url) ? "&" : "?") + (new Date()).getTime();
         this._view.show('welcome spinner');
         this._request(url).then((buffer) => {
-            const context = new BrowserContext(this, url, identifier, buffer);
+            const context = new host.BrowserHost.BrowserContext(this, url, identifier, buffer);
             this._view.open(context).then(() => {
                 this.document.title = identifier || context.identifier;
             }).catch((err) => {
@@ -442,7 +442,7 @@ host.BrowserHost = class {
 
     _open(file, files) {
         this._view.show('welcome spinner');
-        const context = new BrowserFileContext(file, files);
+        const context = new host.BrowserHost.BrowserFileContext(file, files);
         context.open().then(() => {
             return this._view.open(context).then((model) => {
                 this._view.show(null);
@@ -472,7 +472,7 @@ host.BrowserHost = class {
             const identifier = file.filename;
             const encoder = new TextEncoder();
             const buffer = encoder.encode(file.content);
-            const context = new BrowserContext(this, '', identifier, buffer);
+            const context = new host.BrowserHost.BrowserContext(this, '', identifier, buffer);
             this._view.open(context).then(() => {
                 this.document.title = identifier;
             }).catch((error) => {
@@ -799,7 +799,7 @@ host.Dropdown = class {
 };
 
 
-class BrowserFileContext {
+host.BrowserContext.BrowserFileContext = class {
 
     constructor(file, blobs) {
         this._file = file;
@@ -860,9 +860,9 @@ class BrowserFileContext {
             }
         });
     }
-}
+};
 
-class BrowserContext {
+host.BrowserHost.BrowserContext = class {
 
     constructor(host, url, identifier, buffer) {
         this._host = host;
@@ -892,6 +892,6 @@ class BrowserContext {
     get buffer() {
         return this._buffer;
     }
-}
+};
 
 window.__view__ = new view.View(new host.BrowserHost());