
Allow WebExtensions to construct a Cu.Sandbox




Component: WebExtensions: General
Reported: 4 months ago
Updated: 22 days ago


(Reporter: robwu, Assigned: mixedpuppy, NeedInfo)


(Blocks: 1 bug)

Version: 52 Branch

Firefox Tracking Flags

(Not tracked)


(Whiteboard: [outreach][awe:{e4a8a97b-f2ed-450b-b12d-ee082ba24781}] triaged)



4 months ago
User script managers need to run untrusted code in an isolated context, which
1) protects the script from tampering by the page and
2) protects other scripts from malicious scripts.

I looked at Tampermonkey for Chrome (also a user script manager), and it runs all user scripts in the context of the page, while exposing semi-privileged methods such as GM_xmlhttpRequest to the script. Creating such a sandbox takes a lot of effort (not just development time, but also runtime) and is not guaranteed to be secure.

Since we have Cu.Sandbox in Firefox [1], we should expose this to WebExtensions to allow them to run untrusted scripts.


Comment 1

3 months ago
Adding details for won't fix
Flags: needinfo?(kmaglione+bmo)

Comment 2

3 months ago
At some point in the future there may be JS Realms, which are quite similar to sandboxes. So maybe a shim around sandboxes that models things after realm APIs could be used? Although one thing is missing from realms: control over xrays.

see and bug 962053

Comment 3

3 months ago
Today Greasemonkey uses two modes of sandbox operation:

a) |@grant none| mode[0]. This is a sandbox with the same principal as the page content and with xrays off.
b) privileged API mode[1]. This is a sandbox with an extended principal that only contains the content principal and with xrays

And to actually use the sandbox it obviously needs a way to load scripts into it[2]. That's all fairly similar to what WebExtensions are doing, but there also are some differences that make implementing userscripts on top of WebExtensions less secure than they are in GM.
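
As an added example (not code from this bug, from Greasemonkey, or from Firefox itself), the following shows how the two sandbox modes in comment 3, together with the controlled GM_* API surface the description asks for, would be set up on top of Cu.Sandbox in Firefox chrome-privileged JavaScript. The function names createUserScriptSandbox, exportApi and runUserScript, the mode strings, the sandboxName values, the JSON-based argument copy, and the choice of keeping Xrays on in privileged mode (the comment above is cut off at that point) are assumptions; Cu is passed in explicitly so the setup logic can be exercised outside Firefox.

```javascript
// Added example, not Greasemonkey's or the bug's own code. `Cu` is passed in
// (in Firefox: Components.utils) so the construction logic can be run and
// tested outside the browser.

// Build a sandbox for a user script in one of the two Greasemonkey modes.
function createUserScriptSandbox({ Cu, contentWindow, mode, api = {} }) {
  // nodePrincipal of the page's document is the content principal.
  const contentPrincipal = contentWindow.document.nodePrincipal;
  let principal;
  let options;

  if (mode === "grant-none") {
    // (a) |@grant none|: same principal as the page, Xray wrappers off. The
    // script sees the page's own JS objects and gets no extra privileges, so
    // nothing privileged may be exported into it.
    principal = contentPrincipal;
    options = {
      wantXrays: false,
      sandboxPrototype: contentWindow,
      sandboxName: "userscript (@grant none)", // assumed label
    };
  } else if (mode === "privileged") {
    // (b) privileged API mode: an expanded principal that contains only the
    // content principal (Cu.Sandbox takes an array of principals for that).
    // Xrays stay on (assumption) so page JS cannot reach the script's objects
    // or the exported GM_* functions, while the script still sees a clean
    // view of the DOM.
    principal = [contentPrincipal];
    options = {
      wantXrays: true,
      sandboxPrototype: contentWindow,
      sandboxName: "userscript (privileged)", // assumed label
    };
  } else {
    throw new Error(`unknown sandbox mode: ${mode}`);
  }

  const sandbox = Cu.Sandbox(principal, options);
  // Only the privileged mode gets the semi-privileged API.
  const exported = mode === "privileged" ? exportApi(Cu, sandbox, api) : [];
  return { sandbox, principal, options, exported };
}

// Copy a value arriving from untrusted code into a plain chrome-side value.
// A JSON round trip is used here for brevity; real code would structured-clone.
// Functions and undefined cannot be represented and come back as undefined.
function plainCopy(value) {
  const json = JSON.stringify(value);
  return json === undefined ? undefined : JSON.parse(json);
}

// Export each API function into the sandbox. The implementation stays on the
// chrome side; the sandbox only gets a callable. Arguments are copied first so
// getters or prototype tricks on script-owned objects cannot influence the
// privileged implementation while it inspects them.
function exportApi(Cu, sandbox, api) {
  const exported = [];
  for (const [name, impl] of Object.entries(api)) {
    const guarded = (...args) => impl(...args.map(plainCopy));
    Cu.exportFunction(guarded, sandbox, { defineAs: name });
    exported.push(name);
  }
  return exported;
}

// Load a user script into the sandbox; the filename only labels stack traces.
function runUserScript(Cu, sandbox, source, filename) {
  return Cu.evalInSandbox(source, sandbox, "latest", filename, 1);
}

// Usage inside a Firefox frame script, where `Components` and the content
// window `content` exist (skipped elsewhere so the file also runs stand-alone).
if (typeof Components !== "undefined" && typeof content !== "undefined") {
  const Cu = Components.utils;
  const { sandbox } = createUserScriptSandbox({
    Cu,
    contentWindow: content,
    mode: "privileged",
    api: { GM_log: (msg) => dump(`[userscript] ${msg}\n`) },
  });
  runUserScript(Cu, sandbox, "GM_log('hello from the sandbox')", "example.user.js");
}
```

The two modes differ in exactly the two knobs comment 3 names: which principal the sandbox runs as (the content principal itself, or an expanded principal wrapping it) and whether Xrays are on. The export step is what turns the sandbox into the "semi-privileged" environment the description mentions; because every exported function runs with chrome privileges, its arguments are copied out of the untrusted side before being used.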



2 months ago
Flags: needinfo?(sescalante)

Comment 4

a month ago
Kris will add details about the needed api
Flags: needinfo?(sescalante)
Whiteboard: [outreach] triaged


a month ago
Whiteboard: [outreach] triaged → [outreach][awe:{e4a8a97b-f2ed-450b-b12d-ee082ba24781}] triaged

Comment 5

22 days ago
Andy is going to follow up on this one when there is an opening
Flags: needinfo?(amckay)


22 days ago
Assignee: nobody → mixedpuppy
Flags: needinfo?(amckay)