Bugzilla

bug 2017797 restored the regression for `structuredClone` in content scripts and the sandbox of user scripts registered through the MV3 userScripts API.

But the fix was not applied to the sandbox of userScripts API from MV2.

For completeness and future reference, here is an overview of `Cu.Sandbox` instances in extensions that interact with content:
- content script sandbox: https://searchfox.org/firefox-main/rev/0894e095dfb46b6dac785365432791a54861fe09/toolkit/components/extensions/ExtensionContent.sys.mjs#1045,1070
   - created when a page loads and `content_scripts` is used (the order does not matter) - the most common sandbox, most extensions interacting with content use this.
- MV2 userScripts sandbox: https://searchfox.org/firefox-main/rev/0894e095dfb46b6dac785365432791a54861fe09/toolkit/components/extensions/ExtensionContent.sys.mjs#954
  - created when a page loads, after `api_scripts` is defined in a manifest with `manifest_version: 2` and `userScripts.register()` is called.
- MV3 userScripts sandbox: https://searchfox.org/firefox-main/rev/0894e095dfb46b6dac785365432791a54861fe09/toolkit/components/extensions/ExtensionUserScriptsContent.sys.mjs#264
  - created when a page loads, after the "userScripts" permission is granted to an extension with `manifest_version: 3` and `userScripts.register()` is called.

Examples of unit tests that trigger the creation of such sandboxes and verify the execution within can be seen in the patch to bug 1912587 at https://phabricator.services.mozilla.com/D219142

- `test_Document_parseHTML_and_parseHTMLUnsafe` tests content scripts
- `test_Document_parseHTML_in_mv2_userscript_sandbox` tests MV2 user script sandbox.
- `test_Document_parseHTML_in_mv3_userscript_sandbox` tests MV3 user script sandbox.

bug 2017797 fixed the regression for `structuredClone` in content scripts and the sandbox of user scripts registered through the MV3 userScripts API.

But the fix was not applied to the sandbox of userScripts API from MV2.

For completeness and future reference, here is an overview of `Cu.Sandbox` instances in extensions that interact with content:
- content script sandbox: https://searchfox.org/firefox-main/rev/0894e095dfb46b6dac785365432791a54861fe09/toolkit/components/extensions/ExtensionContent.sys.mjs#1045,1070
   - created when a page loads and `content_scripts` is used (the order does not matter) - the most common sandbox, most extensions interacting with content use this.
- MV2 userScripts sandbox: https://searchfox.org/firefox-main/rev/0894e095dfb46b6dac785365432791a54861fe09/toolkit/components/extensions/ExtensionContent.sys.mjs#954
  - created when a page loads, after `api_scripts` is defined in a manifest with `manifest_version: 2` and `userScripts.register()` is called.
- MV3 userScripts sandbox: https://searchfox.org/firefox-main/rev/0894e095dfb46b6dac785365432791a54861fe09/toolkit/components/extensions/ExtensionUserScriptsContent.sys.mjs#264
  - created when a page loads, after the "userScripts" permission is granted to an extension with `manifest_version: 3` and `userScripts.register()` is called.

Examples of unit tests that trigger the creation of such sandboxes and verify the execution within can be seen in the patch to bug 1912587 at https://phabricator.services.mozilla.com/D219142

- `test_Document_parseHTML_and_parseHTMLUnsafe` tests content scripts
- `test_Document_parseHTML_in_mv2_userscript_sandbox` tests MV2 user script sandbox.
- `test_Document_parseHTML_in_mv3_userscript_sandbox` tests MV3 user script sandbox.