Allow content scripts to directly access the window of add-on pages

RESOLVED DUPLICATE of bug 1159619

Status

Add-on SDK
General
RESOLVED DUPLICATE of bug 1159619
3 years ago
3 years ago

People

(Reporter: billm, Assigned: billm)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

Created attachment 8597440 [details] [diff] [review]
patch

I don't understand why a content script for an add-on should be prevented from interacting directly with a page that's packaged as part of the add-on. It makes it more difficult to write add-ons and doesn't seem to offer any additional security.

We already allow add-on pages without content scripts to access the full Jetpack SDK via the |addon| property on the page's window object. However, sometimes it's nice to use a content script rather than a <script> tag in the add-on page.

Not sure who should review this.
I can review this.
hmm this blob might need to be updated too https://github.com/mozilla/addon-sdk/blob/master/lib/sdk/deprecated/traits-worker.js#L131-L246

maybe we can finally remove that module too..
(In reply to Erik Vold [:erikvold] (please needinfo? me) from comment #2)
> hmm this blob might need to be updated too
> https://github.com/mozilla/addon-sdk/blob/master/lib/sdk/deprecated/traits-
> worker.js#L131-L246
> 
> maybe we can finally remove that module too..

Yes we can ignore this module, I've made bug 1158356 and a patch to remove those modules.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1159619
Comment on attachment 8597440 [details] [diff] [review]
patch

We discussed in irc that an add-on using a content script would regress with this patch, and I remember talking about a working around but I don't recall what that was.

The main issue here is that I don't think it helps use achieve our goal, we want to expose a separate window to add-on content I think, or an arbitrary api.  This patch will merely expose a content scripts to unsafeWindow rather than xray'd window.
Attachment #8597440 - Flags: feedback-
You need to log in before you can comment on or make changes to this bug.