Bug 1946616 Comment 0 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

## Did you check out the steps and FAQs for submitting requests to the CX content team? (yes or no)? [REQUIRED]
**Note: Learn more at https://mozilla-hub.atlassian.net/wiki/spaces/MSS/pages/21430745/Mozilla+Support+Content **

**IMPORTANT NOTICE: FOR TIMELY PUBLICATION, CONTENT REQUESTS MUST BE SUBMITTED AT LEAST 14 DAYS BEFORE THE RELEASE DATE, ENABLING THE SUMO TEAM TO MAKE THEM LIVE WITHIN 48 HOURS POST-RELEASE. PLEASE ENSURE THAT ALL SUBMITTED INFORMATION, INCLUDING FEATURE DETAILS AND VISUAL ASSETS, IS FINAL. IN THE EVENT OF ANY UNFORESEEN CHANGES OR DELAYS NECESSITATING A PUSH TO A SUBSEQUENT RELEASE, PROMPTLY INFORM US TO PREVENT PUBLISHING AS PER THE ORIGINAL SCHEDULE.**

Yes.

## Content access restriction: Is the content restricted to staff or under embargo (yes or no)? [REQUIRED]
**Note: If yes, ensure ‘Advanced Fields’ are visible by selecting ‘Show Advanced Field’ at the top right, then scroll to ‘Security’ and check ‘Confidential Mozilla Employee Bug (non-security)’.**

**Attention:** Any content not marked as confidential will be accessible to both NDAd and non-NDAd contributors with a Bugzilla account. Drafts for non-confidential content will also follow the same access policy, being open to comments for anyone with the link. Non-confidential Bugzillas can benefit from contributions by community contributors, while confidential Bugzillas will be handled exclusively by staff.

No.

## Product (ensure to select only one product for each ticket. If your request involves multiple products, file an individual Bugzilla for each)
**Choose one below and delete others. [REQUIRED]**

Firefox for Desktop (Windows / macOS / Linux)

## Select the type of request.
**Choose one or more below and delete others. [REQUIRED]**

KB content update

## Please summarize the request, emphasizing any user-facing changes. Include historical context or background information if it helps users understand the new features or changes. [REQUIRED]

Add a heading with "Allow unverified third-party scripts to access your data" to https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions

This heading's text must exactly match the string of `webext-perms-description-userScripts` in `extensionPermissions.ftl`, which was added in bug 1917000 (https://hg.mozilla.org/mozilla-central/rev/bc4881030055). Localized versions can be found at https://searchfox.org/l10n/search?q=webext-perms-description-userScripts

The section should explain what the permission does. For extra context, see bug 1931545 that previews the warning that is displayed next to the permission description. Note: from the permission data and the warning it is not obvious, but the access is limited to sites that the extension can already access.

> The extension could enable unverified scripts to access your website data. Unverified scripts can pose security and privacy risks, such as running harmful code or tracking website activity. Only run scripts from extensions or sources you trust.


## Are the user-facing changes mentioned above for the production release, or is the feature/change experimental/ beta? (Production, Experimental or Beta) [REQUIRED]
**Note:  Specify if the user-facing changes mentioned above are final, experimental, or in beta. This information is crucial for determining the appropriate support and documentation level needed. Please note that SUMO KB articles only support the production version for Firefox.

Yes. Riding to release of Firefox 136, with bug 1943050.

## Are the new features or changes region-specific? Are they going to be released in a gradual rollout? [REQUIRED]
**Note: Please confirm if these features or changes are limited to specific geographic regions and if they will be implemented gradually. Knowing this helps us tailor our documentation and support resources appropriately.

No

## Please indicate if this is an on- or off-train release [REQUIRED] 
**Note: If applicable, add the product version number to the end of the Summary field using the format: Summary [Product V123]. If this is an off-train release, please use the format: Summary [Product off-train].

On-train.

## What is the anticipated release date? [REQUIRED]
**Note: Content is typically published at, or within, 48 hours of the release.**

Firefox 136 releases on 2025-03-04 according to https://whattrainisitnow.com/release/?version=136 .

## Does the content need to be published prior to the release date? If so, when? [REQUIRED]
**Note: If you don’t let us know if this date changes, it will be published on this date**

No.

## Does the content need to be localized in any languages outside of EN-US? If yes, please indicate which languages. [REQUIRED]
**Note: A minimum of 10 days is required for translation requests.**

This new section should be added to all localized versions of the article.
According to https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions/show_translations
the article is localized in 35 other languages:
- ar, bg, cs, da, de, el, es, fa, fi, fr, hi-IN, hr, hu, id, it, ja, ka, ko, lt, ms, nl, no, pl, pt-BR, Europeu, pt-PT, ru, sr, th, tr, uk, vi, zh-CN, zh-TW, zu

## Please include any related JIRA/Github/Bugzilla tickets, documentation, demos or practical use cases. [REQUIRED]

- userScripts API opt-in description (part of bug 1917000): https://docs.google.com/document/d/1Bx261fBL8TPAyAy_839-Rtk7C6lriaHTvex1jXaUB5c/edit
- Example of extension that uses the new permission: https://github.com/mdn/webextensions-examples/pull/576 (see below for how to use this)

## Please include links to any design assets, visuals, figma files, etc. [REQUIRED]
**Note: Ensure to submit only final visual assets relevant to the Production release, excluding Nightly or Beta images, and favor 'Light mode' UI screenshots over 'Dark mode'**

- Figma and design assets/visual can be found in bug 1917000, see https://bugzilla.mozilla.org/show_bug.cgi?id=1917000#c1 onwards.
- Screenshot in actual Firefox build is attached in bug 1931545: (https://bug1931545.bmoattachments.org/attachment.cgi?id=9445015

## Please add instructions for testing that will enable us to replicate the expected product behavior. [REQUIRED]

1. Clone the mdn/webextensions-examples repository, with https://github.com/mdn/webextensions-examples/pull/576
   - If the patch has not been merged yet, check out the individual branch as follows:
   - `git clone https://github.com/mdn/webextensions-examples`
   - `cd webextensions-examples`
   - `git fetch origin pull/576/head`
   - `git checkout FETCH_HEAD`
2. Visit `about:debugging`, click "This Firefox", then click "Load Temporary Add-on...", and in the file picker select the `userScripts-mv3` directory from the first step.
3. Visit `about:addons`, click on the "User Scripts Manager extension" to view its details.
4. Click on the "Permissions" tab.
5. The "Allow unverified third-party scripts to access your data" permission is displayed, as seen in bug 1931545 ([screenshot](https://bug1931545.bmoattachments.org/attachment.cgi?id=9445015)).

## Does the content need approval before publishing? If yes, identify the one approver responsible for this task.
**Note: Minor changes such as string updates are directly handled in SUMO, and will not lead to the generation of a pre-publishing draft. [REQUIRED]**
## Did you check out the steps and FAQs for submitting requests to the CX content team? (yes or no)? [REQUIRED]
**Note: Learn more at https://mozilla-hub.atlassian.net/wiki/spaces/MSS/pages/21430745/Mozilla+Support+Content **

**IMPORTANT NOTICE: FOR TIMELY PUBLICATION, CONTENT REQUESTS MUST BE SUBMITTED AT LEAST 14 DAYS BEFORE THE RELEASE DATE, ENABLING THE SUMO TEAM TO MAKE THEM LIVE WITHIN 48 HOURS POST-RELEASE. PLEASE ENSURE THAT ALL SUBMITTED INFORMATION, INCLUDING FEATURE DETAILS AND VISUAL ASSETS, IS FINAL. IN THE EVENT OF ANY UNFORESEEN CHANGES OR DELAYS NECESSITATING A PUSH TO A SUBSEQUENT RELEASE, PROMPTLY INFORM US TO PREVENT PUBLISHING AS PER THE ORIGINAL SCHEDULE.**

Yes.

## Content access restriction: Is the content restricted to staff or under embargo (yes or no)? [REQUIRED]
**Note: If yes, ensure ‘Advanced Fields’ are visible by selecting ‘Show Advanced Field’ at the top right, then scroll to ‘Security’ and check ‘Confidential Mozilla Employee Bug (non-security)’.**

**Attention:** Any content not marked as confidential will be accessible to both NDAd and non-NDAd contributors with a Bugzilla account. Drafts for non-confidential content will also follow the same access policy, being open to comments for anyone with the link. Non-confidential Bugzillas can benefit from contributions by community contributors, while confidential Bugzillas will be handled exclusively by staff.

No.

## Product (ensure to select only one product for each ticket. If your request involves multiple products, file an individual Bugzilla for each)
**Choose one below and delete others. [REQUIRED]**

Firefox for Desktop (Windows / macOS / Linux)

## Select the type of request.
**Choose one or more below and delete others. [REQUIRED]**

KB content update

## Please summarize the request, emphasizing any user-facing changes. Include historical context or background information if it helps users understand the new features or changes. [REQUIRED]

Add a heading with "Allow unverified third-party scripts to access your data" to https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions

This heading's text must exactly match the string of `webext-perms-description-userScripts` in `extensionPermissions.ftl`, which was added in bug 1917000 (https://hg.mozilla.org/mozilla-central/rev/bc4881030055). Localized versions can be found at https://searchfox.org/l10n/search?q=webext-perms-description-userScripts

The section should explain what the permission does. For extra context, see bug 1931545 that previews the warning that is displayed next to the permission description. Note: from the permission data and the warning it is not obvious, but the access is limited to sites that the extension can already access.

When I combine the existing permission description and warning, the result could look like this:

> The extension could enable unverified scripts to access your website data. Unverified scripts can pose security and privacy risks, such as running harmful code or tracking website activity. Only run scripts from extensions or sources you trust.


## Are the user-facing changes mentioned above for the production release, or is the feature/change experimental/ beta? (Production, Experimental or Beta) [REQUIRED]
**Note:  Specify if the user-facing changes mentioned above are final, experimental, or in beta. This information is crucial for determining the appropriate support and documentation level needed. Please note that SUMO KB articles only support the production version for Firefox.

Yes. Riding to release of Firefox 136, with bug 1943050.

## Are the new features or changes region-specific? Are they going to be released in a gradual rollout? [REQUIRED]
**Note: Please confirm if these features or changes are limited to specific geographic regions and if they will be implemented gradually. Knowing this helps us tailor our documentation and support resources appropriately.

No

## Please indicate if this is an on- or off-train release [REQUIRED] 
**Note: If applicable, add the product version number to the end of the Summary field using the format: Summary [Product V123]. If this is an off-train release, please use the format: Summary [Product off-train].

On-train.

## What is the anticipated release date? [REQUIRED]
**Note: Content is typically published at, or within, 48 hours of the release.**

Firefox 136 releases on 2025-03-04 according to https://whattrainisitnow.com/release/?version=136 .

## Does the content need to be published prior to the release date? If so, when? [REQUIRED]
**Note: If you don’t let us know if this date changes, it will be published on this date**

No.

## Does the content need to be localized in any languages outside of EN-US? If yes, please indicate which languages. [REQUIRED]
**Note: A minimum of 10 days is required for translation requests.**

This new section should be added to all localized versions of the article.
According to https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions/show_translations
the article is localized in 35 other languages:
- ar, bg, cs, da, de, el, es, fa, fi, fr, hi-IN, hr, hu, id, it, ja, ka, ko, lt, ms, nl, no, pl, pt-BR, Europeu, pt-PT, ru, sr, th, tr, uk, vi, zh-CN, zh-TW, zu

## Please include any related JIRA/Github/Bugzilla tickets, documentation, demos or practical use cases. [REQUIRED]

- userScripts API opt-in description (part of bug 1917000): https://docs.google.com/document/d/1Bx261fBL8TPAyAy_839-Rtk7C6lriaHTvex1jXaUB5c/edit
- Example of extension that uses the new permission: https://github.com/mdn/webextensions-examples/pull/576 (see below for how to use this)

## Please include links to any design assets, visuals, figma files, etc. [REQUIRED]
**Note: Ensure to submit only final visual assets relevant to the Production release, excluding Nightly or Beta images, and favor 'Light mode' UI screenshots over 'Dark mode'**

- Figma and design assets/visual can be found in bug 1917000, see https://bugzilla.mozilla.org/show_bug.cgi?id=1917000#c1 onwards.
- Screenshot in actual Firefox build is attached in bug 1931545: (https://bug1931545.bmoattachments.org/attachment.cgi?id=9445015

## Please add instructions for testing that will enable us to replicate the expected product behavior. [REQUIRED]

1. Clone the mdn/webextensions-examples repository, with https://github.com/mdn/webextensions-examples/pull/576
   - If the patch has not been merged yet, check out the individual branch as follows:
   - `git clone https://github.com/mdn/webextensions-examples`
   - `cd webextensions-examples`
   - `git fetch origin pull/576/head`
   - `git checkout FETCH_HEAD`
2. Visit `about:debugging`, click "This Firefox", then click "Load Temporary Add-on...", and in the file picker select the `userScripts-mv3` directory from the first step.
3. Visit `about:addons`, click on the "User Scripts Manager extension" to view its details.
4. Click on the "Permissions" tab.
5. The "Allow unverified third-party scripts to access your data" permission is displayed, as seen in bug 1931545 ([screenshot](https://bug1931545.bmoattachments.org/attachment.cgi?id=9445015)).

## Does the content need approval before publishing? If yes, identify the one approver responsible for this task.
**Note: Minor changes such as string updates are directly handled in SUMO, and will not lead to the generation of a pre-publishing draft. [REQUIRED]**
## Did you check out the steps and FAQs for submitting requests to the CX content team? (yes or no)? [REQUIRED]
**Note: Learn more at https://mozilla-hub.atlassian.net/wiki/spaces/MSS/pages/21430745/Mozilla+Support+Content **

**IMPORTANT NOTICE: FOR TIMELY PUBLICATION, CONTENT REQUESTS MUST BE SUBMITTED AT LEAST 14 DAYS BEFORE THE RELEASE DATE, ENABLING THE SUMO TEAM TO MAKE THEM LIVE WITHIN 48 HOURS POST-RELEASE. PLEASE ENSURE THAT ALL SUBMITTED INFORMATION, INCLUDING FEATURE DETAILS AND VISUAL ASSETS, IS FINAL. IN THE EVENT OF ANY UNFORESEEN CHANGES OR DELAYS NECESSITATING A PUSH TO A SUBSEQUENT RELEASE, PROMPTLY INFORM US TO PREVENT PUBLISHING AS PER THE ORIGINAL SCHEDULE.**

Yes.

## Content access restriction: Is the content restricted to staff or under embargo (yes or no)? [REQUIRED]
**Note: If yes, ensure ‘Advanced Fields’ are visible by selecting ‘Show Advanced Field’ at the top right, then scroll to ‘Security’ and check ‘Confidential Mozilla Employee Bug (non-security)’.**

**Attention:** Any content not marked as confidential will be accessible to both NDAd and non-NDAd contributors with a Bugzilla account. Drafts for non-confidential content will also follow the same access policy, being open to comments for anyone with the link. Non-confidential Bugzillas can benefit from contributions by community contributors, while confidential Bugzillas will be handled exclusively by staff.

No.

## Product (ensure to select only one product for each ticket. If your request involves multiple products, file an individual Bugzilla for each)
**Choose one below and delete others. [REQUIRED]**

Firefox for Desktop (Windows / macOS / Linux)

## Select the type of request.
**Choose one or more below and delete others. [REQUIRED]**

KB content update

## Please summarize the request, emphasizing any user-facing changes. Include historical context or background information if it helps users understand the new features or changes. [REQUIRED]

Add a heading with "Allow unverified third-party scripts to access your data" to https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions

This heading's text must exactly match the string of `webext-perms-description-userScripts` in `extensionPermissions.ftl`, which was added in bug 1917000 (https://hg.mozilla.org/mozilla-central/rev/bc4881030055). Localized versions can be found at https://searchfox.org/l10n/search?q=webext-perms-description-userScripts

The section should explain what the permission does. For extra context, see bug 1931545 that previews the warning that is displayed next to the permission description. Note: from the permission data and the warning it is not obvious, but the access is limited to sites that the extension can already access.

When I combine the existing permission description and warning, the result could look like this:

> The extension could enable unverified scripts to access your website data. Unverified scripts can pose security and privacy risks, such as running harmful code or tracking website activity. Only run scripts from extensions or sources you trust.


## Are the user-facing changes mentioned above for the production release, or is the feature/change experimental/ beta? (Production, Experimental or Beta) [REQUIRED]
**Note:  Specify if the user-facing changes mentioned above are final, experimental, or in beta. This information is crucial for determining the appropriate support and documentation level needed. Please note that SUMO KB articles only support the production version for Firefox.

Yes. Riding to release of Firefox 136, with bug 1943050.

## Are the new features or changes region-specific? Are they going to be released in a gradual rollout? [REQUIRED]
**Note: Please confirm if these features or changes are limited to specific geographic regions and if they will be implemented gradually. Knowing this helps us tailor our documentation and support resources appropriately.

No

## Please indicate if this is an on- or off-train release [REQUIRED] 
**Note: If applicable, add the product version number to the end of the Summary field using the format: Summary [Product V123]. If this is an off-train release, please use the format: Summary [Product off-train].

On-train.

## What is the anticipated release date? [REQUIRED]
**Note: Content is typically published at, or within, 48 hours of the release.**

Firefox 136 releases on 2025-03-04 according to https://whattrainisitnow.com/release/?version=136 .

## Does the content need to be published prior to the release date? If so, when? [REQUIRED]
**Note: If you don’t let us know if this date changes, it will be published on this date**

No.

## Does the content need to be localized in any languages outside of EN-US? If yes, please indicate which languages. [REQUIRED]
**Note: A minimum of 10 days is required for translation requests.**

EDIT: it is acceptable to wait for the community to localize at their pace.

This new section should be added to all localized versions of the article.
According to https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions/show_translations
the article is localized in 35 other languages:
- ar, bg, cs, da, de, el, es, fa, fi, fr, hi-IN, hr, hu, id, it, ja, ka, ko, lt, ms, nl, no, pl, pt-BR, Europeu, pt-PT, ru, sr, th, tr, uk, vi, zh-CN, zh-TW, zu

## Please include any related JIRA/Github/Bugzilla tickets, documentation, demos or practical use cases. [REQUIRED]

- userScripts API opt-in description (part of bug 1917000): https://docs.google.com/document/d/1Bx261fBL8TPAyAy_839-Rtk7C6lriaHTvex1jXaUB5c/edit
- Example of extension that uses the new permission: https://github.com/mdn/webextensions-examples/pull/576 (see below for how to use this)

## Please include links to any design assets, visuals, figma files, etc. [REQUIRED]
**Note: Ensure to submit only final visual assets relevant to the Production release, excluding Nightly or Beta images, and favor 'Light mode' UI screenshots over 'Dark mode'**

- Figma and design assets/visual can be found in bug 1917000, see https://bugzilla.mozilla.org/show_bug.cgi?id=1917000#c1 onwards.
- Screenshot in actual Firefox build is attached in bug 1931545: (https://bug1931545.bmoattachments.org/attachment.cgi?id=9445015

## Please add instructions for testing that will enable us to replicate the expected product behavior. [REQUIRED]

1. Clone the mdn/webextensions-examples repository, with https://github.com/mdn/webextensions-examples/pull/576
   - If the patch has not been merged yet, check out the individual branch as follows:
   - `git clone https://github.com/mdn/webextensions-examples`
   - `cd webextensions-examples`
   - `git fetch origin pull/576/head`
   - `git checkout FETCH_HEAD`
2. Visit `about:debugging`, click "This Firefox", then click "Load Temporary Add-on...", and in the file picker select the `userScripts-mv3` directory from the first step.
3. Visit `about:addons`, click on the "User Scripts Manager extension" to view its details.
4. Click on the "Permissions" tab.
5. The "Allow unverified third-party scripts to access your data" permission is displayed, as seen in bug 1931545 ([screenshot](https://bug1931545.bmoattachments.org/attachment.cgi?id=9445015)).

## Does the content need approval before publishing? If yes, identify the one approver responsible for this task.
**Note: Minor changes such as string updates are directly handled in SUMO, and will not lead to the generation of a pre-publishing draft. [REQUIRED]**

Back to Bug 1946616 Comment 0