Open Bug 1825215 Opened 2 years ago Updated 1 year ago

"undefined" string as Error.fileName in exceptions thrown by scripting.executeScript and most other extension APIs

Categories

(WebExtensions :: General, enhancement, P3)

Product:
WebExtensions
Component:
General
Version:
Firefox 111
Type:
enhancement

Tracking

(firefox111 affected, firefox112 affected, firefox113 affected)

Tracking Flags:
Tracking Status
firefox111 --- affected
firefox112 --- affected
firefox113 --- affected

People

(Reporter: manikulin, Unassigned)

References

Details

Attachments

(2 files)

2023-03-31_10h06_50.png
30.44 KB, image/png
Details
favourite-colour.xpi
2.08 KB, application/octet-stream
Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0

Steps to reproduce:

Exceptions from scripting.executeScript have empty stack, useless lineNumber and columnNumber, rather strange fileName that is "undefined" string, even not undefined value.

  • Load any mv3 extension having the scripting and activeTab permissions.
  • Inspect it, switch to console.
  • try to execute some code with either invalid InjectionTarget.tabId or invalid InjectionTarget.frameIds or just in an about:blank tab (code is wrapped) 
    browser.scripting.executeScript({target: {tabId: -1}, func: () => true}).
 catch(error => console.error({error}))

Actual results:

The function returns a Promise that is settled to an Error that provides no details on location in code and call stack:

Object { error: Error }
    error: Error: Invalid tab ID: -1
    columnNumber: 1
    fileName: "undefined"
    lineNumber: 0
    message: "Invalid tab ID: -1"
    stack: ""
    <prototype>: Error.prototype { stack: "", … }
  <prototype>: Object { … }

notice "undefined" string.

Expected results:

In the case of invalid tabId or lack of permission the generated
error has stack, fileName, lineNumber, and columnNumber set to the call site of the method: file name of background script/service worker similar to

browser.permissions.request({ permissions: [ "clipboardWrite" ] }).
    catch(error => console.error({error}))
Object { error: Error }
  error: Error: permissions.request may only be called from a user input handler
    columnNumber: 21
    fileName: "debugger eval code"
    lineNumber: 1
    message: "permissions.request may only be called from a user input handler"
    stack: "@debugger eval code:1:21\n"
    <prototype>: Error.prototype { stack: "", … }
  <prototype>: Object { … }
Version: Firefox 111 → Firefox 110
Version: Firefox 110 → Firefox 111

Besides invalid InjectionTarget.target.frameIds it may happen with a sandbox <iframe>

<iframe id="iframe" sandbox="" src="iframe-content.html" height="480"></iframe>

I am confused by the Bug #1739643. Accordingly to it I expect no exception for a sandboxed iframe, but I get Error: Missing host permission for the tab or frames. Before I noticed that bug I was sure that for an about:blank tab ``Error: Missing host permission for the tabis expected behavior. Code evaluates successfully in the case ofabout:blank` iframe. The source of my confusion is that the bug #1411641 is still open.

Hello,

I reproduced the issue on the latest Nightly (113.0a1/20230330214245), Beta (112.0b9/20230330182947) and Release (111.0.1/20230321111920) under Windows 10 x64 and macOS 11.3.1.

Using the attached extension (part of the example extensions pack available on MDN), which I modified to have manifest version 3 and include the scripting and activeTab permissions, running the browser.scripting.executeScript({target: {tabId: -1}, func: () => true}). catch(error => console.error({error})) code in the extensions console results in the error mentioned in Comment 0.

For more details, see the attached screenshot.

Status: UNCONFIRMED → NEW
status-firefox111: --- → affected
status-firefox112: --- → affected
status-firefox113: --- → affected
Ever confirmed: true
Attached image 2023-03-31_10h06_50.png
Attached file favourite-colour.xpi

(In reply to max from comment #1)

Besides invalid InjectionTarget.target.frameIds it may happen with a sandbox <iframe>

<iframe id="iframe" sandbox="" src="iframe-content.html" height="480"></iframe>

I am confused by the Bug #1739643. Accordingly to it I expect no exception for a sandboxed iframe, but I get Error: Missing host permission for the tab or frames.

The general fix for sandbox is tracked at bug 1411641.

Blocks: 1735474
Severity: -- → S4
Depends on: 1740608
Priority: -- → P3

This bug is not specific to the scripting.executeScript API, by the way. It happens with almost every extension API (except cases where we handle this specially, such as extension messaging).

Here is another test case:
browser.tabs.query({url:"**"}).catch(e => e)

No longer blocks: 1735474
Severity: S4 → N/A
Type: defect → enhancement
Summary: "undefined" string as Error.fileName in exceptions thrown by scripting.executeScript → "undefined" string as Error.fileName in exceptions thrown by scripting.executeScript and most other extension APIs
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: