diff --git a/.changes/disable-javascript-api.md b/.changes/disable-javascript-api.md new file mode 100644 index 000000000..414d851c7 --- /dev/null +++ b/.changes/disable-javascript-api.md @@ -0,0 +1,6 @@ +--- +"@tauri-apps/api": minor:feat +--- + +Added `WindowOptions::javascriptDisabled` and `WebviewOptions::javascriptDisabled`. + diff --git a/.changes/disable-javascript.md b/.changes/disable-javascript.md new file mode 100644 index 000000000..2bb3e27ec --- /dev/null +++ b/.changes/disable-javascript.md @@ -0,0 +1,6 @@ +--- +tauri: 'minor:feat' +tauri-runtime-wry: 'minor:feat' +--- + +Add `WebviewBuilder.disable_javascript` and `WebviewWindowBuilder.disable_javascript` api to disable JavaScript. diff --git a/Cargo.lock b/Cargo.lock index 15b3432e0..0469455cb 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -10854,9 +10854,9 @@ checksum = "1e9df38ee2d2c3c5948ea468a8406ff0db0b29ae1ffde1bcf20ef305bcc95c51" [[package]] name = "wry" -version = "0.50.0" +version = "0.50.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eaa83204cc976ccffdc50559914edb93945f472863916c61de5cc772d452fb4a" +checksum = "d2ec139df5102db821f92a42033c3fa0467c5ab434511e79c65881d6bdf2b369" dependencies = [ "base64 0.22.1", "block2 0.6.0", diff --git a/crates/tauri-cli/config.schema.json b/crates/tauri-cli/config.schema.json index cda96b64b..02195b6cc 100644 --- a/crates/tauri-cli/config.schema.json +++ b/crates/tauri-cli/config.schema.json @@ -527,6 +527,11 @@ "type": "null" } ] + }, + "javascriptDisabled": { + "description": "Whether we should disable JavaScript code execution on the webview or not.", + "default": false, + "type": "boolean" } }, "additionalProperties": false diff --git a/crates/tauri-runtime-wry/Cargo.toml b/crates/tauri-runtime-wry/Cargo.toml index 733f6f8a9..017704dbe 100644 --- a/crates/tauri-runtime-wry/Cargo.toml +++ b/crates/tauri-runtime-wry/Cargo.toml @@ -17,7 +17,7 @@ rustc-args = ["--cfg", "docsrs"] rustdoc-args = ["--cfg", "docsrs"] [dependencies] -wry = { version = "0.50.0", default-features = false, features = [ +wry = { version = "0.50.3", default-features = false, features = [ "drag-drop", "protocol", "os-webview", diff --git a/crates/tauri-runtime-wry/src/lib.rs b/crates/tauri-runtime-wry/src/lib.rs index 07626250b..1047c20ef 100644 --- a/crates/tauri-runtime-wry/src/lib.rs +++ b/crates/tauri-runtime-wry/src/lib.rs @@ -4211,6 +4211,10 @@ fn create_webview( }); } + if webview_attributes.javascript_disabled { + webview_builder = webview_builder.with_javascript_disabled(); + } + if let Some(color) = webview_attributes.background_color { webview_builder = webview_builder.with_background_color(color.into()); } diff --git a/crates/tauri-runtime/src/webview.rs b/crates/tauri-runtime/src/webview.rs index 93c8754fe..aef72b49b 100644 --- a/crates/tauri-runtime/src/webview.rs +++ b/crates/tauri-runtime/src/webview.rs @@ -218,6 +218,7 @@ pub struct WebviewAttributes { pub devtools: Option, pub background_color: Option, pub background_throttling: Option, + pub javascript_disabled: bool, } impl From<&WindowConfig> for WebviewAttributes { @@ -254,6 +255,7 @@ impl From<&WindowConfig> for WebviewAttributes { if let Some(color) = config.background_color { builder = builder.background_color(color); } + builder.javascript_disabled = config.javascript_disabled; builder } } @@ -285,6 +287,7 @@ impl WebviewAttributes { devtools: None, background_color: None, background_throttling: None, + javascript_disabled: false, } } diff --git a/crates/tauri-schema-generator/schemas/config.schema.json b/crates/tauri-schema-generator/schemas/config.schema.json index cda96b64b..02195b6cc 100644 --- a/crates/tauri-schema-generator/schemas/config.schema.json +++ b/crates/tauri-schema-generator/schemas/config.schema.json @@ -527,6 +527,11 @@ "type": "null" } ] + }, + "javascriptDisabled": { + "description": "Whether we should disable JavaScript code execution on the webview or not.", + "default": false, + "type": "boolean" } }, "additionalProperties": false diff --git a/crates/tauri-utils/src/config.rs b/crates/tauri-utils/src/config.rs index c73cbdd5c..d066e7745 100644 --- a/crates/tauri-utils/src/config.rs +++ b/crates/tauri-utils/src/config.rs @@ -1717,6 +1717,9 @@ pub struct WindowConfig { /// see https://github.com/tauri-apps/tauri/issues/5250#issuecomment-2569380578 #[serde(default, alias = "background-throttling")] pub background_throttling: Option, + /// Whether we should disable JavaScript code execution on the webview or not. + #[serde(default, alias = "javascript-disabled")] + pub javascript_disabled: bool, } impl Default for WindowConfig { @@ -1770,6 +1773,7 @@ impl Default for WindowConfig { devtools: None, background_color: None, background_throttling: None, + javascript_disabled: false, } } } @@ -3047,6 +3051,7 @@ mod build { let devtools = opt_lit(self.devtools.as_ref()); let background_color = opt_lit(self.background_color.as_ref()); let background_throttling = opt_lit(self.background_throttling.as_ref()); + let javascript_disabled = self.javascript_disabled; literal_struct!( tokens, @@ -3098,7 +3103,8 @@ mod build { use_https_scheme, devtools, background_color, - background_throttling + background_throttling, + javascript_disabled ); } } diff --git a/crates/tauri/src/webview/mod.rs b/crates/tauri/src/webview/mod.rs index d0f2e36cd..03002dd96 100644 --- a/crates/tauri/src/webview/mod.rs +++ b/crates/tauri/src/webview/mod.rs @@ -891,6 +891,17 @@ fn main() { self.webview_attributes.background_throttling = Some(policy); self } + + /// Whether JavaScript should be disabled. + /// + /// ## Platform-specific + /// + /// - **Android:** Not implemented yet. + #[must_use] + pub fn disable_javascript(mut self) -> Self { + self.webview_attributes.javascript_disabled = true; + self + } } /// Webview. diff --git a/crates/tauri/src/webview/plugin.rs b/crates/tauri/src/webview/plugin.rs index afdcaac74..a2dae40d2 100644 --- a/crates/tauri/src/webview/plugin.rs +++ b/crates/tauri/src/webview/plugin.rs @@ -50,6 +50,8 @@ mod desktop_commands { zoom_hotkeys_enabled: bool, #[serde(default)] background_throttling: Option, + #[serde(default)] + javascript_disabled: bool, } #[cfg(feature = "unstable")] @@ -66,6 +68,7 @@ mod desktop_commands { builder.webview_attributes.incognito = config.incognito; builder.webview_attributes.zoom_hotkeys_enabled = config.zoom_hotkeys_enabled; builder.webview_attributes.background_throttling = config.background_throttling; + builder.webview_attributes.javascript_disabled = config.javascript_disabled; builder } } diff --git a/crates/tauri/src/webview/webview_window.rs b/crates/tauri/src/webview/webview_window.rs index 22a1e0b74..0fe6283fd 100644 --- a/crates/tauri/src/webview/webview_window.rs +++ b/crates/tauri/src/webview/webview_window.rs @@ -996,6 +996,17 @@ impl> WebviewWindowBuilder<'_, R, M> { self.webview_builder = self.webview_builder.background_throttling(policy); self } + + /// Whether JavaScript should be disabled. + /// + /// ## Platform-specific + /// + /// - **Android:** Not implemented yet. + #[must_use] + pub fn disable_javascript(mut self) -> Self { + self.webview_builder = self.webview_builder.disable_javascript(); + self + } } /// A type that wraps a [`Window`] together with a [`Webview`]. diff --git a/packages/api/src/webview.ts b/packages/api/src/webview.ts index dd1450560..9d8e7e7e0 100644 --- a/packages/api/src/webview.ts +++ b/packages/api/src/webview.ts @@ -791,6 +791,10 @@ interface WebviewOptions { * @since 2.3.0 */ backgroundThrottling?: BackgroundThrottlingPolicy + /** + * Whether we should disable JavaScript code execution on the webview or not. + */ + javascriptDisabled?: boolean } export { Webview, getCurrentWebview, getAllWebviews } diff --git a/packages/api/src/window.ts b/packages/api/src/window.ts index 6d142657d..ed27ee045 100644 --- a/packages/api/src/window.ts +++ b/packages/api/src/window.ts @@ -2363,6 +2363,10 @@ interface WindowOptions { * @since 2.3.0 */ backgroundThrottling?: BackgroundThrottlingPolicy + /** + * Whether we should disable JavaScript code execution on the webview or not. + */ + javascriptDisabled?: boolean } function mapMonitor(m: Monitor | null): Monitor | null {