Open
Bug 1747055
Opened 3 years ago
Updated 3 years ago
Support container restrictions on content scripts
Categories
(WebExtensions :: General, enhancement, P5)
WebExtensions
General
Tracking
(Not tracked)
NEW
People
(Reporter: robwu, Unassigned)
References
(Depends on 1 open bug, Blocks 2 open bugs)
Details
Container restrictions are currently not enforced for content scripts. We should do that.
Long-term, we need to be able to check the restrictions from C++, which depends on changes to WebExtensionPolicy as described in bug 1699481.
An intermediate step, without requiring C++ changes is to add a check right before the script would be run, at Script's injectInto at https://searchfox.org/mozilla-central/rev/b605f01915c5704a55e9f485101b7be7d20a55df/toolkit/components/extensions/ExtensionContent.jsm#440-444
Before injection, extension.canAccessContainer should be called. One blocker to this is the fact that the canAccessContainer logic is currently not available in the child, only in the parent.
context.canAccessContaineris at https://searchfox.org/mozilla-central/rev/b605f01915c5704a55e9f485101b7be7d20a55df/toolkit/components/extensions/ExtensionCommon.jsm#508-509,- It is just
return this.extension.canAccessContainer(userContextId);
- It is just
extension.canAccessContaineris implemented in the parent, in theExtensionclass at https://searchfox.org/mozilla-central/rev/b605f01915c5704a55e9f485101b7be7d20a55df/toolkit/components/extensions/Extension.jsm#2368extensionin the child does currently not have acanAccessContainermethod. It should be added to theBrowserExtensionContentclass inExtensionChild.jsm. This class is defined at https://searchfox.org/mozilla-central/rev/b605f01915c5704a55e9f485101b7be7d20a55df/toolkit/components/extensions/ExtensionChild.jsm#378-379
|
||
Updated•3 years ago
|
Severity: -- → N/A
Priority: -- → P5
You need to log in
before you can comment on or make changes to this bug.
Description
•