Open Bug 1628178 Opened 5 years ago Updated 5 months ago

Hide envType, extensionId, and contextId in MessageSender

Categories

(WebExtensions :: General, task, P3)

71 Branch
task

Tracking

(Not tracked)

REOPENED
93 Branch

People

(Reporter: richard, Unassigned)

References

Details

As per GitHub issue #2626 Error in onMessage page? the public version of runtime.MessageSender includes the properties envType, extensionId, and contextId. these properties are only used internally (as part of the WebExtension framework's messaging internals), they are not part of the schema and they should not be sent to the extension.

This is a known issue and we should fix this by remove it.

I mentioned this as a part of bug 1509938; we can fix this and similar issues when we do actually verify that the implementation behaves as documented (bug 1509938).

Priority: -- → P3
See Also: → 1509938

Because this bug's Severity has not been changed from the default since it was filed, and it's Priority is P3 (Backlog,) indicating it has been triaged, the bug's Severity is being updated to S3 (normal.)

Severity: normal → S3
Component: Untriaged → General
See Also: → 1750623

Comment 3 was addressed in bug 1728669. With that addressed, it became possible to remove envType, etc. from MessageSender.

envType, etc. was removed as part of bug 1708243 in https://hg.mozilla.org/mozilla-central/rev/2dc4f1baccc8.

Note: with the removal of envType, extensions lost the (undocumented) ability to check the authenticity of a message (addon_child vs content_child). MessageSender.origin should offer a standard alternative (bug 1787379).

Status: NEW → RESOLVED
Closed: 1 year ago
Depends on: 1708243, 1728669
Resolution: --- → FIXED
See Also: → 1787379
Target Milestone: --- → 93 Branch

Bug 1708243 did not remove envType and contextId.
The properties are still there: https://searchfox.org/mozilla-central/rev/b94e479d0b79b157029379832d05229df646e134/toolkit/components/extensions/ExtensionParent.sys.mjs#299,301

Re-opening. We should consider removing them eventually. There is a chance for contextId to be standardized and introduced, so let's wait with removing contextId until it's clear that we don't want it.

In the WECG contextId was mentioned at https://github.com/w3c/webextensions/blob/main/proposals/runtime_get_contexts.md
The PR that introduced the proposal and has relevant discussion is at https://github.com/w3c/webextensions/pull/334

Severity: S3 → N/A
Status: RESOLVED → REOPENED
Type: defect → task
No longer depends on: 1708243
Resolution: FIXED → ---
You need to log in before you can comment on or make changes to this bug.