1756758 - Add support for `restrictSchemes` in `registerContentScripts()` (MV2)

Status: RESOLVED FIXED

(WebExtensions :: General, enhancement, P4)

Description

[William Durand [:willdurand]]

We use parseMatchPatterns to validate the matches option in scripting.registerContentScripts(). We should configure the restrictSchemes option (depending on extension.restrictSchemes?) and add test coverage for that.

Given this would allow "privileged callers to run scripts literally anywhere", it is low priority.

Comment 1

[William Durand [:willdurand]]

Attachment: Bug 1756758 - Add support for `restrictSchemes` in `registerContentScripts()` (MV2). r?mixedpuppy,robwu

Comment 2

[Rob Wu [:robwu]]

The patch above introduces support for restrictSchemes in the scripting API, but that only works in MV2, because the optional permission mechanism lacks restrictSchemes flags in various places (which is required in MV3, whereas MV2 extensions also have the option of using mandatory host permissions, where restrictSchemes is supported)).

In order to meaningfully support restrictSchemes in the scripting API with MV3, we'd also need to set the flags where instances of MatchPattern (including MatchPatternSet constructors with string input) are created.

• The optional permission backend (ExtensionPermissions.add and ExtensionPermissions.remove)
  • https://searchfox.org/mozilla-central/rev/32ca4fc265150e7d3d7aa6c6abea088768cf024b/toolkit/components/extensions/ExtensionPermissions.jsm#328,368
  • The users of the ExtensionPermissions module should be prepared to receive origins that contain schemes outside of the standard set of supported schemes.
    • For example, if a privileged extension is upgraded to a version that is not privileged any more, then the optional permission backend may still yield privileged host permissions, which could break callers that pass the origin to MatchPattern without restrictSchemes: false.
    • Part of that effort could be combined with fixing bug 1766915.
• permissions.request
  • https://searchfox.org/mozilla-central/rev/32ca4fc265150e7d3d7aa6c6abea088768cf024b/toolkit/components/extensions/parent/ext-permissions.js#92,106
• permissions.contains
  • https://searchfox.org/mozilla-central/rev/32ca4fc265150e7d3d7aa6c6abea088768cf024b/toolkit/components/extensions/parent/ext-permissions.js#156
• about:addons UI to control it
  • https://searchfox.org/mozilla-central/rev/32ca4fc265150e7d3d7aa6c6abea088768cf024b/toolkit/mozapps/extensions/content/aboutaddons.js#3051
  • See also bug 1765828

Comment 3

[Shane Caraveo (:mixedpuppy)]

Any host permissions outside of permitted schemes[1] should not be included in about:addons and should not be contained in ExtensionPermissions. They should be granted automatically at extension startup. These are privileged extensions and are primarily going to be using urls internal to firefox. They'll have internal needs for those in order to operate, we shouldn't extend user control to those.

Given that, I think that a) it doesn't matter that it's MV2 only right now, and b) a followup bug should be filed to grant permission for privileged schemes here[2].

[1] https://searchfox.org/mozilla-central/rev/ffb50da3ca89100b6ae5054cfe69c187679515f0/toolkit/components/extensions/MatchPattern.cpp#227-228
[2] https://searchfox.org/mozilla-central/rev/ffb50da3ca89100b6ae5054cfe69c187679515f0/toolkit/components/extensions/Extension.jsm#1319-1321

Comment 4

[Pulsebot]

Pushed by wdurand@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5a336820e40b
Add support for `restrictSchemes` in `registerContentScripts()` (MV2).  r=mixedpuppy

Comment 5

[Tomislav Jovanovic :zombie]

(In reply to Shane Caraveo (:mixedpuppy) from comment #3)

They'll have internal needs for those in order to operate, we shouldn't extend user control to those.

I've came to the same conclusion as well.

Comment 6

[Marian-Vasile Laza]

https://hg.mozilla.org/mozilla-central/rev/5a336820e40b