1486036 - content scripts/css not injected in about:blank frames

Status: NEW

(WebExtensions :: General, defect, P3)

Description

[Rob Wu [:robwu]]

Attachment: all_frames_and_blank.zip

STR.
1. Load attached extension.
2. Visit example.com.
3. Open devtools, and run the following snippet in the console:
   document.body.innerHTML = '<iframe>';

Expected:
After step 2: The page starts with "Injected static script at document_start" / "document_end"
After step 3: The added frame should contain: "Injected static script at document_start" / "document_end"

Actual:
After step 2: As expected.
After step 3: The frame is blank.

More info:
- The scripts are executed as expected when an extension starts up, or when tabs.executeScript is used.
- The issue is caused by the early return at: https://searchfox.org/mozilla-central/rev/c45b9755593ce6cc91f558b21e544f5165752de7/toolkit/components/extensions/ExtensionPolicyService.cpp#343-348
  (the document's readyState is READYSTATE_UNINITIALIZED).

Comment 1

[Kris Maglione [:kmag]]

(In reply to Rob Wu [:robwu] from comment #0)
> - The issue is caused by the early return at:
> https://searchfox.org/mozilla-central/rev/
> c45b9755593ce6cc91f558b21e544f5165752de7/toolkit/components/extensions/
> ExtensionPolicyService.cpp#343-348
>   (the document's readyState is READYSTATE_UNINITIALIZED).

No it isn't. The uninitialized about:blank document is eventually replaced by another document. Injecting anything into an uninitialized document is by definition the wrong behavior.

Comment 2

[Rob Wu [:robwu]]

(In reply to Kris Maglione [:kmag] from comment #1)
> (In reply to Rob Wu [:robwu] from comment #0)
> > - The issue is caused by the early return at:
> > https://searchfox.org/mozilla-central/rev/c45b9755593ce6cc91f558b21e544f5165752de7/toolkit/components/extensions/ExtensionPolicyService.cpp#343-348
> >   (the document's readyState is READYSTATE_UNINITIALIZED).
> 
> No it isn't. The uninitialized about:blank document is eventually replaced
> by another document. Injecting anything into an uninitialized document is by
> definition the wrong behavior.

Does this document replacement even happen if the document is touched by a script?

The bug does not occur when I replace step 2-3 by opening an ordinary HTML page containing only <iframe></iframe> (this suggests that devtools is triggering a condition for this bug).

But when I use the following page (still without DevTools), then the test fails (as reported):
<iframe></iframe>
<script>frames[0]</script>

Comment 3

[Rob Wu [:robwu]]

The test also fails for the following cases:

Step 3: Run any of the following snippets, close the devtools and click in the page:

onclick = () => { window.open("about:blank"); }

onclick = () => { document.body.append(document.createElement("iframe")); };

Comment 4

[Rob Wu [:robwu]]

Bug 1415539 also reports that content scripts don't load, but under different circumstances (frame is inserted after some delay).

They could be duplicates, but I can't really tell.