Closed Bug 1711168 Opened 4 years ago Closed 3 years ago

support extensions in web_accessible_resources

Categories

(WebExtensions :: General, enhancement, P2)

Product:
WebExtensions
Component:
General
Type:
enhancement
Points:
5

Tracking

(firefox105 fixed)

Status:
RESOLVED FIXED
Milestone:
105 Branch
Tracking Flags:
Tracking Status
firefox105 --- fixed

People

(Reporter: mixedpuppy, Assigned: mixedpuppy)

References

(Depends on 2 open bugs, Blocks 2 open bugs)

Details

(Keywords: dev-doc-complete, Whiteboard: [mv3-m2] )

Attachments

(2 files, 2 obsolete files)

Bug 1711168 support extension matching in webAccessibleResources
48 bytes, text/x-phabricator-request
Details | Review
Bug 1711168 allow extension pages to be loaded as top level tabs by other extensions
48 bytes, text/x-phabricator-request
Details | Review

Add support for extension id matching in WAC, and require either matches or extensions, not both.

Blocks: 1713196
Whiteboard: mv3:m1 → mv3:m1 [mv3-m1]
Pushed by scaraveo@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/19de2822bc0c support extension matching in webAccessibleResources r=zombie,smaug

https://hg.mozilla.org/mozilla-central/rev/19de2822bc0c

Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox91: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 91 Branch
Regressions: 1719063

Backed out changeset 19de2822bc0c (bug 1711168) for causing Bug 1719063.
https://hg.mozilla.org/integration/autoland/rev/8fc06b7667d8102c267b236488da6bbc39ef962e

Status: RESOLVED → REOPENED
status-firefox91: fixed → ---
Resolution: FIXED → ---
Target Milestone: 91 Branch → ---
Whiteboard: mv3:m1 [mv3-m1] → [mv3-m2]

enforcing a restriction on extensions opening other extension resources breaks newtab, homepage, probably protocol handlers. In order to enforce such a restriction, we need to flag these "ui resources" somehow, perhaps like we do for some about pages using nsIAboutModule::MAKE_LINKABLE or nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT. Another option would be to set nsIProtocolHandler::URI_LOADABLE_BY_ANYONE in the extension protocol handler.

Another thought is to bypass the extension match restriction if BrowsingContext->isTop. That (I think) should allow something like a tab manager to open tabs to other extensions, but require matching for embedding iframes/etc.

There's a r+ patch which didn't land and no activity in this bug for 2 weeks.
:mixedpuppy, could you have a look please?
For more information, please visit auto_nag documentation.

Flags: needinfo?(tomica)
Flags: needinfo?(mixedpuppy)

Found issues with the patch on try, it's being worked on.

Flags: needinfo?(tomica)
Flags: needinfo?(mixedpuppy)

A special exception is made to allow certain resource to be accessed by any extenison.
This allows e.g. a tab manager to open a newtab that is provided by a different extension.

Points: --- → 5
Whiteboard: [mv3-m2] → [mv3-m2]
Attachment #9233619 - Attachment is obsolete: true
Attachment #9279320 - Attachment description: Bug 1711168 ensure extension provided newtab works with webAccessibleResource restrictions → Bug 1711168 ensure extension provided newtab and homepage works with webAccessibleResource restrictions
Attachment #9279320 - Attachment is obsolete: true
Depends on: 1780484
Pushed by scaraveo@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/3d061ce03de7 support extension matching in webAccessibleResources r=zombie,smaug,rpl https://hg.mozilla.org/integration/autoland/rev/902385a7ce60 allow extension pages to be loaded as top level tabs by other extensions r=rpl
Flags: needinfo?(mixedpuppy)
Depends on: 1780583

Alexandru,
I'm trying to understand what the perf improvements are. From what I can see, the values for the commit in comment 13 are all in line with previous values. The backout seems to be improving overal perf, but that doesn't make sense. The google-docs value is an clear example. Backout and report in comment 15 says a 9% improvement. But the prior entry is my patch, which is 760ms, which is what almost all prior tests have.

I'm not sure how I'm supposed to think about this.

Flags: needinfo?(aionescu)

I've looked over the perfherder graphs and our patches with another team member. We don't see how the changes have any relation or affect and given the patch that landed had the same timing as prior patches, we don't think the "improvement" is related to the patch and is otherwise a coincidence. I'm going to reland and see how this looks after.

Pushed by scaraveo@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/4cfd51c07734 support extension matching in webAccessibleResources r=zombie,smaug,rpl https://hg.mozilla.org/integration/autoland/rev/d0da1be14163 allow extension pages to be loaded as top level tabs by other extensions r=rpl,geckoview-reviewers,calu

https://hg.mozilla.org/mozilla-central/rev/4cfd51c07734
https://hg.mozilla.org/mozilla-central/rev/d0da1be14163

Status: REOPENED → RESOLVED
Closed: 4 years ago3 years ago
status-firefox105: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 105 Branch
Flags: needinfo?(aionescu)
Keywords: perf-alert
See Also: → 1780581
Regressions: 1786564
See Also: → 1788524

Considering the backwards-breaking change in this bug, we should add a note to the changelog at https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/105:

Extensions resources can no longer be loaded by other extensions by default, unless the extension resource is listed in web_accessible_resources.

Keywords: dev-doc-needed

Documentation updates completed in PR #21194 and browser compatibility data changes in PR #17914

Keywords: dev-doc-neededdev-doc-complete
See Also: → 1828128
Regressions: CVE-2023-5725
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: