Closed Bug 1711168 Opened 1 year ago Closed 2 months ago

support extensions in web_accessible_resources

Categories

(WebExtensions :: General, enhancement, P2)

Points: 5

Tracking

(firefox105 fixed)

RESOLVED FIXED
105 Branch

People

(Reporter: mixedpuppy, Assigned: mixedpuppy)

References

(Depends on 2 open bugs, Blocks 2 open bugs)

Details

(Keywords: dev-doc-needed, Whiteboard: [mv3-m2] )

Attachments

(2 files, 2 obsolete files)

Add support for extension id matching in WAC, and require either matches or extensions, not both.

Blocks: 1713196
Whiteboard: mv3:m1 → mv3:m1 [mv3-m1]
Pushed by scaraveo@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/19de2822bc0c
support extension matching in webAccessibleResources r=zombie,smaug
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 91 Branch
Regressions: 1719063
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Target Milestone: 91 Branch → ---
Whiteboard: mv3:m1 [mv3-m1] → [mv3-m2]

Enforcing a restriction on extensions opening other extension resources breaks newtab, homepage, probably protocol handlers. In order to enforce such a restriction, we need to flag these "ui resources" somehow, perhaps like we do for some about pages using nsIAboutModule::MAKE_LINKABLE or nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT. Another option would be to set nsIProtocolHandler::URI_LOADABLE_BY_ANYONE in the extension protocol handler.

Another thought is to bypass the extension match restriction if BrowsingContext->isTop. That (I think) should allow something like a tab manager to open tabs to other extensions, but require matching for embedding iframes/etc.

There's an r+ patch which didn't land and no activity in this bug for 2 weeks.
:mixedpuppy, could you have a look please?
For more information, please visit auto_nag documentation.

Flags: needinfo?(tomica)
Flags: needinfo?(mixedpuppy)

Found issues with the patch on try, it's being worked on.

Flags: needinfo?(tomica)
Flags: needinfo?(mixedpuppy)

A special exception is made to allow certain resources to be accessed by any extension.
This allows e.g. a tab manager to open a newtab that is provided by a different extension.

Points: --- → 5
Whiteboard: [mv3-m2] → [mv3-m2]
Attachment #9233619 - Attachment is obsolete: true
Attachment #9279320 - Attachment description: Bug 1711168 ensure extension provided newtab works with webAccessibleResource restrictions → Bug 1711168 ensure extension provided newtab and homepage works with webAccessibleResource restrictions
Attachment #9279320 - Attachment is obsolete: true
Depends on: 1780484
Pushed by scaraveo@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3d061ce03de7
support extension matching in webAccessibleResources r=zombie,smaug,rpl
https://hg.mozilla.org/integration/autoland/rev/902385a7ce60
allow extension pages to be loaded as top level tabs by other extensions r=rpl
Flags: needinfo?(mixedpuppy)
Depends on: 1780583

Alexandru,
I'm trying to understand what the perf improvements are. From what I can see, the values for the commit in comment 13 are all in line with previous values. The backout seems to be improving overall perf, but that doesn't make sense. The google-docs value is a clear example. Backout and report in comment 15 says a 9% improvement. But the prior entry is my patch, which is 760ms, which is what almost all prior tests have.

I'm not sure how I'm supposed to think about this.

Flags: needinfo?(aionescu)

I've looked over the perfherder graphs and our patches with another team member. We don't see how the changes have any relation or effect and given the patch that landed had the same timing as prior patches, we don't think the "improvement" is related to the patch and is otherwise a coincidence. I'm going to reland and see how this looks after.

Pushed by scaraveo@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4cfd51c07734
support extension matching in webAccessibleResources r=zombie,smaug,rpl
https://hg.mozilla.org/integration/autoland/rev/d0da1be14163
allow extension pages to be loaded as top level tabs by other extensions r=rpl,geckoview-reviewers,calu
Status: REOPENED → RESOLVED
Closed: 1 year ago → 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → 105 Branch
Flags: needinfo?(aionescu)
Keywords: perf-alert
See Also: → 1780581
Regressions: 1786564
See Also: → 1788524

Considering the backwards-breaking change in this bug, we should add a note to the changelog at https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/105:

Extension resources can no longer be loaded by other extensions by default, unless the extension resource is listed in web_accessible_resources.

Keywords: dev-doc-needed
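
The policy this bug arrives at (cross-extension loads denied unless the resource is listed in web_accessible_resources, with an exception for top-level tab loads) can be modeled as below. This is an added example, not Firefox code and not part of the bug thread. Assumptions: `extension_ids` is the Manifest V3 key name and does not appear in the thread; the request shape, the extension IDs and the names `mayLoad` and `globToRegExp` are hypothetical.

```javascript
// Simplified model of the cross-extension load policy discussed in this bug.
// Assumption: this is an illustration, not Firefox's implementation.

// Constructed MV3 manifest fragment for a hypothetical target extension.
const TARGET_ID = "target@example.test";
const targetManifest = {
  web_accessible_resources: [
    // Grants access to web pages only; no extension is named here.
    { resources: ["images/*.png"], matches: ["https://example.com/*"] },
    // Grants access to one named extension.
    { resources: ["widget.html"], extension_ids: ["partner@example.test"] },
    // "*" grants access to every extension.
    { resources: ["shared/*"], extension_ids: ["*"] },
  ],
};

// Turn a "*" glob from the manifest into an anchored RegExp.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*") + "$");
}

// request (hypothetical shape): { path, targetId, callerId, isTopLevel },
// where callerId is the ID of the extension that initiates the load.
function mayLoad(manifest, { path, targetId, callerId, isTopLevel }) {
  if (callerId === targetId) {
    return { allowed: true, reason: "same extension" };
  }
  // Exception from the second patch: another extension (e.g. a tab manager)
  // may open the page as a top-level tab; embedding still needs a match.
  if (isTopLevel) {
    return { allowed: true, reason: "top-level tab load" };
  }
  for (const entry of manifest.web_accessible_resources ?? []) {
    const ids = entry.extension_ids ?? [];
    const idOk = ids.includes("*") || ids.includes(callerId);
    const pathOk = entry.resources.some((g) => globToRegExp(g).test(path));
    if (idOk && pathOk) {
      return { allowed: true, reason: "listed in web_accessible_resources" };
    }
  }
  return { allowed: false, reason: "not web accessible to this extension" };
}
```

An entry that carries only `matches` never satisfies the extension check in this model, so an extension that embedded another extension's resources before this change has to be named explicitly or covered by `"*"`.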