Closed Bug 1859236 Opened 8 months ago Closed 8 months ago

`event.getCoalescedEvents` not work in content script

Categories

(WebExtensions :: Compatibility, defect)

Firefox 120

Tracking

(firefox-esr115 unaffected, firefox118 unaffected, firefox119 unaffected, firefox120 fixed)

RESOLVED FIXED
120 Branch

People

(Reporter: 709922234, Assigned: gregp)

References

(Regression)

Details

(Keywords: regression)

Attachments

(2 files)

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0

Steps to reproduce:

https://github.com/Robbendebiene/Gesturefy/issues/687

Component: Untriaged → Compatibility
Product: Firefox → WebExtensions
Keywords: regression
Regressed by: 1858434

:smaug, since you are the author of the regressor, bug 1858434, could you take a look? Also, could you set the severity field?

For more information, please visit BugBot documentation.

Flags: needinfo?(smaug)

Is the caller some extension script? I mean, does it run with expanded principal?

Is there some minimal testcase for this?

Flags: needinfo?(smaug)

(In reply to Olli Pettay [:smaug][bugs@pettay.fi] from comment #2)

> Is the caller some extension script? I mean, does it run with expanded principal?

WebExtension content script sandbox is configured here
https://searchfox.org/mozilla-central/rev/ecb14e26e11a8edd3e7110f38b3803969db618ec/toolkit/components/extensions/ExtensionContent.sys.mjs#836,856-866

WebExtension content script sandboxes do use ExpandedPrincipal.

Warning: total guess ahead, haven't done any debugging:

I think the extension is broken because we're checking JS::GetIsSecureContext(js::GetContextRealm(aCx)) directly
https://searchfox.org/mozilla-central/rev/ecb14e26e11a8edd3e7110f38b3803969db618ec/dom/events/PointerEvent.cpp#213
instead of using the IsSecureContextOrObjectIsFromSecureContext helper

I assume the reason extension scripts can normally access SecureContext-only interfaces from the sandbox is because JS::GetIsSecureContext(js::GetNonCCWObjectRealm(aObj)); will be true.

Interestingly, the Cache interface uses the same secureness check as PointerEvent
https://searchfox.org/mozilla-central/rev/ecb14e26e11a8edd3e7110f38b3803969db618ec/dom/base/nsGlobalWindowInner.cpp#3302-3308
And yep, Cache.prototype is undefined in webextension content scripts (is this intentional? I can't find it documented anywhere)

> Is there some minimal testcase for this?

Not very minimal, but...

  1. Install https://addons.mozilla.org/en-US/firefox/addon/gesturefy/
  2. Navigate to http://github.com/ or any other website
  3. Try using a gesture (hold down right click, drag down to scroll)

actual results:
a bunch of errors in the console

expected results:
page scrolls down

Otherwise, it will not be exposed to WebExtension content scripts.
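
The difference between the two secure-context checks discussed in comment 3, as an added example that is not part of the bug thread or of Gecko's source. It is a simplified C++ model: `Realm`, `callerOnlyCheck` and `callerOrObjectCheck` are hypothetical names, and the content script sandbox realm is assumed not to be flagged as a secure context.

```cpp
// Simplified model (added example, not Gecko source). Realm, callerOnlyCheck
// and callerOrObjectCheck are hypothetical stand-ins for the realm flag and
// the two checks named in the comment above.
#include <cstdio>

struct Realm {
  const char* name;
  bool isSecureContext;  // models JS::GetIsSecureContext(realm)
};

// Models the regressed check: only the calling realm is consulted.
bool callerOnlyCheck(const Realm& caller, const Realm& /*object*/) {
  return caller.isSecureContext;
}

// Models IsSecureContextOrObjectIsFromSecureContext: exposed when either the
// calling realm or the realm that owns the object is a secure context.
bool callerOrObjectCheck(const Realm& caller, const Realm& object) {
  return caller.isSecureContext || object.isSecureContext;
}

struct Case { const char* label; Realm caller; Realm object; };

// Constructed scenarios. Assumption: the content script sandbox realm is not
// itself flagged as a secure context, even when the page it runs in is.
static const Case kCases[] = {
  {"page script, https page", {"page", true}, {"page", true}},
  {"page script, http page", {"page", false}, {"page", false}},
  {"content script, https page", {"sandbox", false}, {"page", true}},
  {"content script, http page", {"sandbox", false}, {"page", false}},
};

int main() {
  for (const Case& c : kCases) {
    std::printf("%-28s caller-only=%d caller-or-object=%d\n", c.label,
                callerOnlyCheck(c.caller, c.object),
                callerOrObjectCheck(c.caller, c.object));
  }
  return 0;
}
```

In this model the two checks differ only for a content script on a secure page; on an insecure page neither check exposes the method, so the secure-context gate itself is unchanged.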

Assignee: nobody → gregp
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

Set release status flags based on info from the regressing bug 1858434

See Also: → 1859532
Pushed by gp3033@protonmail.com:
https://hg.mozilla.org/integration/autoland/rev/1ac2ad721805
Use IsSecureContextOrObjectIsFromSecureContext to decide if we want to expose getCoalescedEvents r=smaug
Status: ASSIGNED → RESOLVED
Closed: 8 months ago
Resolution: --- → FIXED
Target Milestone: --- → 120 Branch