Closed
Bug 1477248
Opened 6 years ago
Closed 6 years ago
browser.search.search: Remove requireUserInput
Categories
(WebExtensions :: General, enhancement, P3)
WebExtensions
General
Tracking
(firefox63 fixed, firefox64 fixed)
RESOLVED
FIXED
mozilla64
People
(Reporter: robwu, Assigned: evilpie)
References
Details
(Keywords: dev-doc-complete)
Attachments
(2 files, 1 obsolete file)
|
8.57 KB,
patch
|
mixedpuppy
:
review+
|
Details | Diff | Splinter Review |
|
737 bytes,
patch
|
pascalc
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
The browser.search.search API currently requires user input.
This user interaction should not be required, because the API is not dangerous (and no more dangerous than performing a navigation).
Having this user gesture requirement reduces the usefulness of the API, and extensions could ignore the browser.search API and open a hard-coded search engine, which reduces the control of users.
As an example of a use case, consider an extension that adds a menu item to start searches in a private browsing window or container tab, i.e.:
browser.menus.onClicked.addListener(async (info, tab) {
let win = await browser.windows.create({incognito: true});
let tabId = win.tabs[0].id;
browser.search.search("...", info.selectionText);
})
|
Reporter | |
Comment 1•6 years ago
|
||
I found out about this new API and the unnecessary user gesture requirement because of this comment: https://bugzilla.mozilla.org/show_bug.cgi?id=1398833#c6
See Also: → 1398833
|
||
Comment 2•6 years ago
|
||
I honestly don't remember the reason that I added the user input requirement. It might have been an earlier version of the API that did more. Does my use of tabs create mean that the search doesn't work if you don't have the tabs permission?
|
|
Reporter | |
Comment 3•6 years ago
|
||
The tabs permission is only needed to view the URL, title and icon of tabs.
tabs.create can be used without permissions.
In the example above (change ") {" to ") => {" by the way) , browser.search.search does not work because the user gesture is lost the moment that another async API was invoked.
|
||
Comment 4•6 years ago
|
||
The requirement for user input is to prevent search hijacking and monetization of search without user knowledge. Without this requirement, malicious extensions can use the search API to perform searches on any installed engine as often as they like. The potential for abuse outweighs the limitations that the requirement imposes.
Severity: normal → enhancement
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
|
Assignee | |
Comment 5•6 years ago
|
||
See also https://github.com/tridactyl/tridactyl/issues/792#issuecomment-417839540. This changes makes browser.search useless to that addon.
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
|
|
Assignee | |
Comment 6•6 years ago
|
||
I don't see the justification for the abuse argument. Unless this is a POST based search engine, the extension can just use browser.tabs.create and add our magic parameters to the search query.
|
|
Assignee | |
Updated•6 years ago
|
Flags: needinfo?(mozilla)
|
|
Assignee | |
Comment 7•6 years ago
|
||
See also bug 1352598 comment 138
|
|
||
Comment 8•6 years ago
|
||
I'll remove. We had a reason initially but I don't remember the justification.
Flags: needinfo?(mozilla)
|
||
Comment 9•6 years ago
|
||
(In reply to Tom Schuster [:evilpie] from comment #6) > I don't see the justification for the abuse argument. Unless this is a POST > based search engine, the extension can just use browser.tabs.create and add > our magic parameters to the search query. I agree, unless we were to prevent opening tabs to search engines via tabs.create and only allow it through the search api. That's probably not a great idea to do, but haven't thought it through.
|
|
Assignee | |
Updated•6 years ago
|
Assignee: nobody → evilpies
|
|
Assignee | |
Comment 10•6 years ago
|
||
|
|
Assignee | |
Comment 11•6 years ago
|
||
Comment on attachment 9006479 [details] [diff] [review] browser.search.search: Remove requireUserInput. r? We should also uplift this change to Firefox 63.
Attachment #9006479 -
Flags: review?(mozilla)
|
|
||
Comment 12•6 years ago
|
||
I think mconca should chime in prior to this landing.
Flags: needinfo?(mconca)
|
|
||
Comment 13•6 years ago
|
||
Comment on attachment 9006479 [details] [diff] [review] browser.search.search: Remove requireUserInput. r? LGTM. Need the feedback from mconca.
Attachment #9006479 -
Flags: review?(mozilla) → review+
|
|
Assignee | |
Comment 14•6 years ago
|
||
Too bad that mconca seems to be away a few more days, I was hoping to get this into Beta as soon as possible.
|
|
||
Comment 15•6 years ago
|
||
We could ask mconnor as well, but I'm not clear around the urgency to get this into beta.
Flags: needinfo?(mconnor)
|
|
||
Updated•6 years ago
|
Priority: -- → P3
|
|
Reporter | |
Comment 16•6 years ago
|
||
(In reply to Shane Caraveo (:mixedpuppy) from comment #15) > We could ask mconnor as well, but I'm not clear around the urgency to get > this into beta. If we decide to drop the user interaction requirement, then getting it into Beta (63) is desirable because Fiefox 63 is the first release that supports the browser.search API. The patch is trivial and not having to account for the user gesture requirement makes using the API considerably easier.
|
|
||
Comment 17•6 years ago
|
||
Ok, that makes sense. However since mconca disagreed with removal, I want product to chime in. Either him or mconnor.
|
|
Assignee | |
Comment 18•6 years ago
|
||
Any news?
|
|
||
Comment 19•6 years ago
|
||
This change was discussed with the search PM and Eng leads (:mconnor and :mikedeboer). Both are comfortable with the change. I've asked :mconnor to respond here with his approval and, pending that action, this patch can land.
Flags: needinfo?(mconca)
|
||
Comment 20•6 years ago
|
||
Agreed on removing the restriction. There's some legit concerns about search hijacking, but I don't think this restriction is the way to resolve those.
Flags: needinfo?(mconnor)
|
|
||
Comment 21•6 years ago
|
||
Comment on attachment 9006479 [details] [diff] [review] browser.search.search: Remove requireUserInput. r? blocking review while I take a look at the test changes.
Attachment #9006479 -
Flags: review?(mixedpuppy)
|
|
||
Comment 23•6 years ago
|
||
Comment on attachment 9006479 [details] [diff] [review] browser.search.search: Remove requireUserInput. r? I think that test_search_notab, test_search_from_options_page, test_search_from_sidebar tests can be removed. test_search and test_search_default_engine can remove the onclicked handling, and dont forget the browser_action in manifest. With those changes, r+
Attachment #9006479 -
Flags: review?(mixedpuppy) → review+
|
|
Reporter | |
Comment 24•6 years ago
|
||
(In reply to Shane Caraveo (:mixedpuppy) from comment #23) > Comment on attachment 9006479 [details] [diff] [review] > browser.search.search: Remove requireUserInput. r? > > I think that test_search_notab, test_search_from_options_page, test_search_notab is the only test that verifies that a new tab is opened when tabId is not set. That test coverage should be preserved, for example by merging test_search and test_search_notab. The test_search_default_engine at the end already tests the browser.search.search method with the tabId set.
|
|
||
Comment 25•6 years ago
|
||
(In reply to Rob Wu [:robwu] from comment #24) > (In reply to Shane Caraveo (:mixedpuppy) from comment #23) > > Comment on attachment 9006479 [details] [diff] [review] > > browser.search.search: Remove requireUserInput. r? > > > > I think that test_search_notab, test_search_from_options_page, > > test_search_notab is the only test that verifies that a new tab is opened > when tabId is not set. Good catch. most of these tests are highly replicated, could probably all move into a single test and test: no tabId, tabId, search engine name, default search engine.
|
|
Assignee | |
Comment 26•6 years ago
|
||
Unifying the custom search engine and default search engine test seemed to complicated for me. I will set up phabricator locally at some later date. (php really?)
Flags: needinfo?(evilpies)
Attachment #9010437 -
Flags: review?(mixedpuppy)
|
|
||
Comment 27•6 years ago
|
||
Comment on attachment 9010437 [details] [diff] [review] Bug 1477248 - Simplify tests.r ? Thanks!
Attachment #9010437 -
Flags: review?(mixedpuppy) → review+
|
|
Assignee | |
Updated•6 years ago
|
Keywords: dev-doc-needed
|
||
Comment 28•6 years ago
|
||
Pushed by evilpies@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/ada62d24880b browser.search.search: Remove requireUserInput. r=mkaply https://hg.mozilla.org/integration/mozilla-inbound/rev/a15b3cd9ec97 Simplify tests. r=mixedpuppy
|
|
Assignee | |
Comment 29•6 years ago
|
||
I split out the test change from "browser.search.search: Remove requireUserInput. r?" that got reviewed by mkaply. We should uplift this patch instead. (As committed to m-i)
Attachment #9006479 -
Attachment is obsolete: true
|
|
Assignee | |
Updated•6 years ago
|
Attachment #9010574 -
Attachment description: Landed patch to requireUserInput → Landed patch to remove requireUserInput
|
|
Assignee | |
Comment 30•6 years ago
|
||
Comment on attachment 9010574 [details] [diff] [review] Landed patch to remove requireUserInput Approval Request Comment [Feature/Bug causing the regression]: bug 1352598 (initial landing of this feature) [User impact if declined]: API is useless for many extensions. WebExtensions have to explicitly check for the Firefox version. This is a new API in beta, so we have the chance to fix this before release. [Is this code covered by automated tests?]: Yes [Has the fix been verified in Nightly?]: No [Needs manual test from QE? If yes, steps to reproduce]: No [List of other uplifts needed for the feature/fix]: None [Is the change risky?]: No [Why is the change risky/not risky?]: Removes an additional restriction to this webextension API that is unnecessary [String changes made/needed]:
Attachment #9010574 -
Flags: approval-mozilla-beta?
|
||
Comment 31•6 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/ada62d24880b https://hg.mozilla.org/mozilla-central/rev/a15b3cd9ec97
Status: REOPENED → RESOLVED
Closed: 6 years ago → 6 years ago
status-firefox64:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
|
||
Comment 32•6 years ago
|
||
Comment on attachment 9010574 [details] [diff] [review] Landed patch to remove requireUserInput Minimal patch fixing a well defined bug, uplift approved for 63 beta 9, thanks.
Attachment #9010574 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
|
||
Comment 33•6 years ago
|
||
| bugherder uplift | ||
https://hg.mozilla.org/releases/mozilla-beta/rev/cef6e1feaaa3 https://hg.mozilla.org/releases/mozilla-beta/rev/7c24f95da514
status-firefox63:
--- → fixed
|
|
Assignee | |
Comment 34•6 years ago
|
||
Removed the sentence about user actions on https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/search/search.
Keywords: dev-doc-needed → dev-doc-complete
|
||
Comment 35•6 years ago
|
||
(In reply to Tom Schuster [:evilpie] from comment #34) > Removed the sentence about user actions on > https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/ > search/search. I've added a note to the Fx 64 rel notes to cover this too: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/64#Changes_for_add-on_developers
|
|
Assignee | |
Comment 36•6 years ago
|
||
I think this is rather confusing, this change was uplifted to 63.
You need to log in
before you can comment on or make changes to this bug.
Description
•