Hide envType, extensionId, and contextId in MessageSender
Categories
(WebExtensions :: General, task, P3)
Tracking
(Not tracked)
People
(Reporter: richard, Unassigned)
References
Details
As per GitHub issue #2626 Error in onMessage page? the public version of runtime.MessageSender includes the properties envType
, extensionId
, and contextId
. these properties are only used internally (as part of the WebExtension framework's messaging internals), they are not part of the schema and they should not be sent to the extension.
Comment 1•5 years ago
|
||
This is a known issue and we should fix this by remove it.
I mentioned this as a part of bug 1509938; we can fix this and similar issues when we do actually verify that the implementation behaves as documented (bug 1509938).
Comment 2•4 years ago
|
||
Because this bug's Severity has not been changed from the default since it was filed, and it's Priority is P3
(Backlog,) indicating it has been triaged, the bug's Severity is being updated to S3
(normal.)
Updated•4 years ago
|
Comment 3•3 years ago
|
||
Note: The GeckoView implementation relies on these properties to be set in its "native message" implementation at
- https://searchfox.org/mozilla-central/rev/78963fe42f8d5f582f84da84a5e78377b6c1fc32/mobile/android/modules/geckoview/GeckoViewWebExtension.jsm#221,223,228,234,248,263
- https://searchfox.org/mozilla-central/rev/78963fe42f8d5f582f84da84a5e78377b6c1fc32/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebExtensionController.java#1074,1094,1103-1104,1107,1117
If we were to remove these properties from sender
, then GeckoView would break, similarly to bug 1750623. The problem and remediation is described in https://bugzilla.mozilla.org/show_bug.cgi?id=1750623#c4.
Comment 4•1 year ago
|
||
Comment 3 was addressed in bug 1728669. With that addressed, it became possible to remove envType, etc. from MessageSender.
envType, etc. was removed as part of bug 1708243 in https://hg.mozilla.org/mozilla-central/rev/2dc4f1baccc8.
Note: with the removal of envType
, extensions lost the (undocumented) ability to check the authenticity of a message (addon_child vs content_child). MessageSender.origin
should offer a standard alternative (bug 1787379).
Comment 5•5 months ago
|
||
Bug 1708243 did not remove envType and contextId.
The properties are still there: https://searchfox.org/mozilla-central/rev/b94e479d0b79b157029379832d05229df646e134/toolkit/components/extensions/ExtensionParent.sys.mjs#299,301
Re-opening. We should consider removing them eventually. There is a chance for contextId to be standardized and introduced, so let's wait with removing contextId until it's clear that we don't want it.
In the WECG contextId was mentioned at https://github.com/w3c/webextensions/blob/main/proposals/runtime_get_contexts.md
The PR that introduced the proposal and has relevant discussion is at https://github.com/w3c/webextensions/pull/334
Description
•