Closed Bug 1448129 Opened 6 years ago Closed 6 years ago

executeScript into frames with activeTab: "Error: Frame not found, or missing host permission"

Categories

(WebExtensions :: Frontend, defect)

Product:
WebExtensions
Component:
Frontend
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(firefox59 affected, firefox60 affected, firefox61 affected)

Status:
RESOLVED WONTFIX
Tracking Flags:
Tracking Status
firefox59 --- affected
firefox60 --- affected
firefox61 --- affected

People

(Reporter: hanu6, Unassigned)

Details

Attachments

(1 file)

test-0.1.zip
606 bytes, application/zip
Details
Attached file test-0.1.zip 
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Build ID: 20100101

Steps to reproduce:

Load the example addon.
Use the context menu item on an iframe element like the youtube videos here: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Your_second_WebExtension



Actual results:

"Error: Frame not found, or missing host permission" even though activeTab is taken


Expected results:

alert should've popped up. This used to work in 57 at least. Now it doesn't work in 59 or 60.
Following the STR from comment 0, I could reproduce this on:
Ubuntu 16.04 x64 using:
58.0.2 20180206200532
59.0.2 20180323154952
60.0b6 20180322152034
61.0a1 20180325220121

IMO, for further investigation, Webextensions/FrontEnd would be a good place for initial triage.
Status: UNCONFIRMED → NEW
status-firefox59: --- → affected
status-firefox60: --- → affected
status-firefox61: --- → affected
Component: Untriaged → WebExtensions: Frontend
Ever confirmed: true
Product: Firefox → Toolkit
Version: 59 Branch → Trunk
Sorry, but this is intended. We allow extensions with the activeTab permission to access iframes which were part of the initial page HTML, but not frames which were created by scripts.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
Note that this error will be also thrown if you create IFRAME with blocked JavaScript (with attribute `sandbox` without `allow-scripts` value.
Product: Toolkit → WebExtensions
This bug/feature forces my Change Case extension to ask for the <all_urls> permission instead of the activeTab, otherwise it won't work on something like disqus. Why is that a win?

IMHO activeTab in combination with contexMenu permission should allow access (and only then), when the user explicitly opens a context menu ON a frame element.

Also info.frameUrl is not supported by Firefox, so even a optional runtime host permission for the frameUrl is not possible.

Leaving the <all_urls> permission, which  "gives the extension much more power than it needs: it could now execute scripts in any tab, any time it likes, instead of just the active tab and just in response to a user action."
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: