Closed
Bug 1448129
Opened 6 years ago
Closed 6 years ago
executeScript into frames with activeTab: "Error: Frame not found, or missing host permission"
Categories
(WebExtensions :: Frontend, defect)
WebExtensions
Frontend
Tracking
(firefox59 affected, firefox60 affected, firefox61 affected)
RESOLVED
WONTFIX
People
(Reporter: hanu6, Unassigned)
Details
Attachments
(1 file)
606 bytes,
application/zip
|
Details |
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 Build ID: 20100101 Steps to reproduce: Load the example addon. Use the context menu item on an iframe element like the youtube videos here: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Your_second_WebExtension Actual results: "Error: Frame not found, or missing host permission" even though activeTab is taken Expected results: alert should've popped up. This used to work in 57 at least. Now it doesn't work in 59 or 60.
Comment 1•6 years ago
|
||
Following the STR from comment 0, I could reproduce this on: Ubuntu 16.04 x64 using: 58.0.2 20180206200532 59.0.2 20180323154952 60.0b6 20180322152034 61.0a1 20180325220121 IMO, for further investigation, Webextensions/FrontEnd would be a good place for initial triage.
Status: UNCONFIRMED → NEW
status-firefox59:
--- → affected
status-firefox60:
--- → affected
status-firefox61:
--- → affected
Component: Untriaged → WebExtensions: Frontend
Ever confirmed: true
Product: Firefox → Toolkit
Version: 59 Branch → Trunk
Comment 2•6 years ago
|
||
Sorry, but this is intended. We allow extensions with the activeTab permission to access iframes which were part of the initial page HTML, but not frames which were created by scripts.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
Comment 3•6 years ago
|
||
Note that this error will be also thrown if you create IFRAME with blocked JavaScript (with attribute `sandbox` without `allow-scripts` value.
Updated•6 years ago
|
Product: Toolkit → WebExtensions
This bug/feature forces my Change Case extension to ask for the <all_urls> permission instead of the activeTab, otherwise it won't work on something like disqus. Why is that a win? IMHO activeTab in combination with contexMenu permission should allow access (and only then), when the user explicitly opens a context menu ON a frame element. Also info.frameUrl is not supported by Firefox, so even a optional runtime host permission for the frameUrl is not possible. Leaving the <all_urls> permission, which "gives the extension much more power than it needs: it could now execute scripts in any tab, any time it likes, instead of just the active tab and just in response to a user action."
You need to log in
before you can comment on or make changes to this bug.
Description
•