Open Bug 1456531 Opened 6 years ago Updated 3 years ago

cloneScope.Promise is unreliable in content scripts

Categories

(WebExtensions :: General, task, P3)

60 Branch
task

Tracking

(Not tracked)

People

(Reporter: robwu, Unassigned)

References

(Depends on 1 open bug)

Details

cloneScope.Promise is used with the assumption that it's always a Promise.
Extensions can overwrite Promise and break the internal implementation (e.g. as reported at https://github.com/mozilla/webextension-polyfill/issues/105#issuecomment-383880324 ).

STR: Test case to run in a CONTENT SCRIPT
Promise = null;
browser.runtime.sendMessage('msg', function() {});
// Result: "this.cloneScope.Promise is not a constructor" error in ExtensionCommon.jsm
// in https://searchfox.org/mozilla-central/rev/8f06c1b9a080b84435a2906e420fe102e1ed780b/toolkit/components/extensions/ExtensionCommon.jsm#450


cloneScope.Promise is also used at https://searchfox.org/mozilla-central/rev/8f06c1b9a080b84435a2906e420fe102e1ed780b/toolkit/components/extensions/ExtensionChild.jsm#461
(perhaps this can be replaced with a thenable check?)


Similarly for the storage API, run from a CONTENT SCRIPT:
Object = null
browser.storage.local.get(null);
// TypeError: context.cloneScope.Object is not a constructor
// in https://searchfox.org/mozilla-central/rev/8f06c1b9a080b84435a2906e420fe102e1ed780b/toolkit/components/extensions/child/ext-storage.js#54


... and potentially other APIs that access properties of cloneScope: https://searchfox.org/mozilla-central/search?q=cloneScope.&case=false&regexp=false&path=
We briefly discussed this during the triage meeting, and one strategy that we have been discussing was to retrieve from the content script's sandbox the globals that we are going to use internally (like Promise and Object mentioned above) before the extension code is actually executed in that sandbox.

I'm marking it as a P2 as we agreed.
Priority: -- → P2
Depends on: 1460719
Product: Toolkit → WebExtensions
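
The strategy from the triage comment above (retrieve the globals before extension code runs) together with the thenable check suggested in the report, as an added example that is not Firefox code and not part of the original bug. A plain object stands in for the content script sandbox, and makeScope, createContext, sendMessageFragile, isThenable and demo are hypothetical names.

```javascript
// Constructed model: `scope` stands in for a content script's cloneScope,
// i.e. a global object that untrusted extension code can modify.
function makeScope() {
  return { Promise, Object };
}

// Fragile pattern from the report: the global is looked up at call time.
function sendMessageFragile(scope, msg) {
  return new scope.Promise(resolve => resolve({ echo: msg }));
}

// Strategy from the triage comment: snapshot the globals once, before any
// extension code has run in the scope, and only ever use the snapshot.
function createContext(scope) {
  const intrinsics = Object.freeze({ Promise: scope.Promise, Object: scope.Object });
  return {
    sendMessage(msg) {
      return new intrinsics.Promise(resolve => resolve({ echo: msg }));
    },
    storageGet() {
      return new intrinsics.Object();
    },
  };
}

// Thenable check, as an alternative to `value instanceof scope.Promise`.
function isThenable(value) {
  return value !== null &&
    (typeof value === "object" || typeof value === "function") &&
    typeof value.then === "function";
}

// Runs the report's test case against both patterns and returns the outcome.
function demo() {
  const scope = makeScope();
  const context = createContext(scope); // captured before "extension code"
  scope.Promise = null;                 // extension code: Promise = null;
  scope.Object = null;                  // extension code: Object = null;
  let fragileError = null;
  try { sendMessageFragile(scope, "msg"); } catch (e) { fragileError = e; }
  const hardened = context.sendMessage("msg");
  return {
    fragileThrows: fragileError instanceof TypeError,
    hardenedIsThenable: isThenable(hardened),
    storageOk: typeof context.storageGet() === "object",
  };
}
```
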
Some of the issues here have been fixed by the first patch of bug 1437864 - https://hg.mozilla.org/mozilla-central/rev/7488bfbbaf8d
Depends on: 1437864
Depends on: 1468579

Hey Rob, curious about the status on this and the parent. Should we downgrade these bugs to P3 or keep them prioritized?

Flags: needinfo?(rob)

I just checked, and currently every use of cloneScope. is not affected by this bug, because none of the occurrences are available to content scripts.

This is still a hazard that we should fix.
P3 might be fine, but I'd like to briefly discuss this with other team members.

We're now doing weekly P2 triage, oldest to newest, so by posting a comment here the bug will be triaged last ;)

Flags: needinfo?(rob)
Severity: normal → N/A
Type: defect → task
Priority: P2 → P3