Closed Bug 1196718 Opened 9 years ago Closed 7 years ago

exportFunction still requires unsafe-content-script option

Categories

(Add-on SDK Graveyard :: General, defect)

Product:
Add-on SDK Graveyard
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: thomas, Unassigned)

Details

Attachments

(1 file)

mailvelope.firefox.xpi
1.12 MB, application/zip
Details
Attached file mailvelope.firefox.xpi 
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36

Steps to reproduce:

We are using cloneInto and exportFunction to expose an API to a page script as described here: https://developer.mozilla.org/en-US/Add-ons/SDK/Guides/Content_Scripts/Interacting_with_page_scripts#Expose_objects_to_page_scripts

If we don't set the "unsafe-content-script" in the package.json the addon throws the exception:

Error: Permission denied to access property "xyz"


Actual results:

Please install the attached addon. In the addon toolbar click on the locker icon and click on 'Options'.
-> a new tab opens
-> exception: Error: Permission denied to access property "error"

If "unsafe-content-script" in the package.json is set to true, the error does not occur


Expected results:

cloneInto and exportFunction should not require "unsafe-content-script"
https://bugzilla.mozilla.org/show_bug.cgi?id=1399562
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: