Created attachment 8597440 [details] [diff] [review] patch I don't understand why a content script for an add-on should be prevented from interacting directly with a page that's packaged as part of the add-on. It makes it more difficult to write add-ons and doesn't seem to offer any additional security. We already allow add-on pages without content scripts to access the full Jetpack SDK via the |addon| property on the page's window object. However, sometimes it's nice to use a content script rather than a <script> tag in the add-on page. Not sure who should review this.
I can review this.
hmm this blob might need to be updated too https://github.com/mozilla/addon-sdk/blob/master/lib/sdk/deprecated/traits-worker.js#L131-L246 maybe we can finally remove that module too..
(In reply to Erik Vold [:erikvold] (please needinfo? me) from comment #2) > hmm this blob might need to be updated too > https://github.com/mozilla/addon-sdk/blob/master/lib/sdk/deprecated/traits- > worker.js#L131-L246 > > maybe we can finally remove that module too.. Yes we can ignore this module, I've made bug 1158356 and a patch to remove those modules.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1159619
Comment on attachment 8597440 [details] [diff] [review] patch We discussed in irc that an add-on using a content script would regress with this patch, and I remember talking about a working around but I don't recall what that was. The main issue here is that I don't think it helps use achieve our goal, we want to expose a separate window to add-on content I think, or an arbitrary api. This patch will merely expose a content scripts to unsafeWindow rather than xray'd window.
Attachment #8597440 - Flags: feedback-
You need to log in before you can comment on or make changes to this bug.