Open Bug 1725478 Opened 3 years ago Updated 8 months ago

WebIDL bindings for the API namespace and methods locked behind permissions should not be accessible when the permission isn't granted

Categories

(WebExtensions :: General, task, P3)

Product:
WebExtensions
Component:
General
Type:
task
Points:
5

Tracking

(Not tracked)

People

(Reporter: rpl, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [mv3-m2])

In the initial implementation of the WebIDL bindings for the WebExtensions APIs from Bug 1688040, the APIs that require specific permission are accessible from the extension code but they throw an error when used if the expected permission is not granted.

Hiding these properties using the Func WebIDL attribute would work only for the extensions that are requiring that permission statically from the manifest, but it wouldn't cover the behavior expected with the optional permission (and we support most of the permissions also as optional permissions) which can be granted and revoked at runtime.

This issue goal is to follow up to the work from Bug 1688040 and make sure those properties are going to be accessible only when the related permissions are granted and not accessible anymore when they are revoked.

Summary: WebIDL bindings for the API namespace and methods locked behind permissions should not be accessible → WebIDL bindings for the API namespace and methods locked behind permissions should not be accessible when the permission isn't granted
Severity: -- → N/A
Priority: -- → P2
Blocks: 1609923
Points: --- → 5
Priority: P2 → P3
You need to log in before you can comment on or make changes to this bug.