Created attachment 8650438 [details] mailvelope.firefox.xpi User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36 Steps to reproduce: We are using cloneInto and exportFunction to expose an API to a page script as described here: https://developer.mozilla.org/en-US/Add-ons/SDK/Guides/Content_Scripts/Interacting_with_page_scripts#Expose_objects_to_page_scripts If we don't set the "unsafe-content-script" in the package.json the addon throws the exception: Error: Permission denied to access property "xyz" Actual results: Please install the attached addon. In the addon toolbar click on the locker icon and click on 'Options'. -> a new tab opens -> exception: Error: Permission denied to access property "error" If "unsafe-content-script" in the package.json is set to true, the error does not occur Expected results: cloneInto and exportFunction should not require "unsafe-content-script"
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 months ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.