exportFunction still requires unsafe-content-script option

RESOLVED INCOMPLETE

Status

Add-on SDK
General
RESOLVED INCOMPLETE
2 years ago
4 months ago

People

(Reporter: Thomas Oberndörfer, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

2 years ago
Created attachment 8650438 [details]
mailvelope.firefox.xpi

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36

Steps to reproduce:

We are using cloneInto and exportFunction to expose an API to a page script as described here: https://developer.mozilla.org/en-US/Add-ons/SDK/Guides/Content_Scripts/Interacting_with_page_scripts#Expose_objects_to_page_scripts

If we don't set the "unsafe-content-script" in the package.json the addon throws the exception:

Error: Permission denied to access property "xyz"


Actual results:

Please install the attached addon. In the addon toolbar click on the locker icon and click on 'Options'.
-> a new tab opens
-> exception: Error: Permission denied to access property "error"

If "unsafe-content-script" in the package.json is set to true, the error does not occur


Expected results:

cloneInto and exportFunction should not require "unsafe-content-script"
https://bugzilla.mozilla.org/show_bug.cgi?id=1399562
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 months ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.