1853409 - matchAboutBlank should only match top-level about:blank if "matches" matches all URLs.

Status: RESOLVED FIXED

(WebExtensions :: General, defect, P1)

Description

[Rob Wu [:robwu]]

Content scripts should only match documents when matched by "matches". An about:blank URL cannot be specified in "matches". There is a matchAboutBlank key whose purpose is to allow extensions to opt in to running scripts in about:blank / about:srcdoc documents.

There are documents with an opaque origin, notably about:blank tabs opened at the top level. These are currently matched unconditionally when matchAboutBlank is true: https://searchfox.org/mozilla-central/rev/b741ddde6c678ca7025858952202d20664491555/toolkit/components/extensions/WebExtensionPolicy.cpp#811-819

To allow extensions to use matchAboutBlank on specific documents without unwanted execution on top-level about:blank, we should verify that matches is equivalent to matching all URLs.

Note: sandboxed about:blank also have an opaque origin; in these cases we should match the precursor principal if available (https://bugzilla.mozilla.org/show_bug.cgi?id=1411641#c45).

Comment 1

[Rob Wu [:robwu]]

Attachment: Bug 1853409 - Part 1: Introduce MatchPatternSet::MatchesAllWebUrls

Introduce MatchPatternSet::MatchesAnyDomain() and
MatchPattern::MatchesAnyDomain() to serve the purpose of determining
whether a match pattern is going to match any http(s) URL.

This patch also includes a simplification / small optimization: when
path is "/", we skip the construction of mPath. In the common case
of the path part being "/", mPath is void instead of a MatchPatternGlob
that consisting of the always-matching "/*".

Comment 2

[Rob Wu [:robwu]]

Attachment: Bug 1853409 - Part 2: Require "all urls" match pattern for top-level match_about_blank

This patch changes the behavior as follows:

• match_about_blank in content_scripts in manifest.json will now only
  run in top-level about:blank if its matches key specifies a match
  pattern set that is equivalent to all http(s) URLs.

• matchAboutBlank in tabs.executeScript requires activeTab permission
  (as before), or an all-URLs host permission.

Comment 3

[Rob Wu [:robwu]]

Attachment: Bug 1853409 - Part 3: Test cases with about:blank in scripting.registerContentScripts

This adds two tests:

• test_registerContentScripts_on_about_blank_frames, which passes
  even before any of the changes in this bug.

• test_registerContentScripts_on_top_level_about_blank, which only
  passes with the previous patches applied. Before these, the
  registered content script would run in top-level about:blank,
  even if matches[] does not match all URLs (basically the underlying
  issue of bug 1853412).

The behavior of these tests may be revisited later in bug 1853411.

Comment 4

[Pulsebot]

Pushed by rob@robwu.nl:
https://hg.mozilla.org/integration/autoland/rev/db83d2ff14bf
Part 1: Introduce MatchPatternSet::MatchesAllWebUrls r=zombie
https://hg.mozilla.org/integration/autoland/rev/8fd46518c8be
Part 2: Require "all urls" match pattern for top-level match_about_blank r=rpl
https://hg.mozilla.org/integration/autoland/rev/35c3dd2c405e
Part 3: Test cases with about:blank in scripting.registerContentScripts r=rpl

Comment 5

[Natalia Csoregi [:nataliaCs]]

https://hg.mozilla.org/mozilla-central/rev/db83d2ff14bf
https://hg.mozilla.org/mozilla-central/rev/8fd46518c8be
https://hg.mozilla.org/mozilla-central/rev/35c3dd2c405e