Closed
Bug 1158330
Opened 9 years ago
Closed 9 years ago
Allow content scripts to directly access the window of add-on pages
Categories
(Add-on SDK Graveyard :: General, defect)
Add-on SDK Graveyard
General
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1159619
People
(Reporter: billm, Assigned: billm)
Details
Attachments
(1 file)
1.21 KB,
patch
|
evold
:
feedback-
|
Details | Diff | Splinter Review |
I don't understand why a content script for an add-on should be prevented from interacting directly with a page that's packaged as part of the add-on. It makes it more difficult to write add-ons and doesn't seem to offer any additional security. We already allow add-on pages without content scripts to access the full Jetpack SDK via the |addon| property on the page's window object. However, sometimes it's nice to use a content script rather than a <script> tag in the add-on page. Not sure who should review this.
Comment 1•9 years ago
|
||
I can review this.
Comment 2•9 years ago
|
||
hmm this blob might need to be updated too https://github.com/mozilla/addon-sdk/blob/master/lib/sdk/deprecated/traits-worker.js#L131-L246 maybe we can finally remove that module too..
Comment 3•9 years ago
|
||
(In reply to Erik Vold [:erikvold] (please needinfo? me) from comment #2) > hmm this blob might need to be updated too > https://github.com/mozilla/addon-sdk/blob/master/lib/sdk/deprecated/traits- > worker.js#L131-L246 > > maybe we can finally remove that module too.. Yes we can ignore this module, I've made bug 1158356 and a patch to remove those modules.
Updated•9 years ago
|
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Comment 5•9 years ago
|
||
Comment on attachment 8597440 [details] [diff] [review] patch We discussed in irc that an add-on using a content script would regress with this patch, and I remember talking about a working around but I don't recall what that was. The main issue here is that I don't think it helps use achieve our goal, we want to expose a separate window to add-on content I think, or an arbitrary api. This patch will merely expose a content scripts to unsafeWindow rather than xray'd window.
Attachment #8597440 -
Flags: feedback-
You need to log in
before you can comment on or make changes to this bug.
Description
•