1859236 - `event.getCoalescedEvents` not work in content script

Status: RESOLVED FIXED

(WebExtensions :: Compatibility, defect)

Description

[709922234]

Attachment: Screenshot 2023-10-16 at 16.12.58.png

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0

Steps to reproduce:

https://github.com/Robbendebiene/Gesturefy/issues/687

Comment 1

[BugBot [:suhaib / :marco/ :calixte]]

:smaug, since you are the author of the regressor, bug 1858434, could you take a look? Also, could you set the severity field?

For more information, please visit BugBot documentation.

Comment 2

[Olli Pettay [:smaug][bugs@pettay.fi] (vacation-ish -> Aug 1)]

Is the caller some extension script? I mean, does it run with expanded principal?

Is there some minimal testcase for this?

Comment 4

[Gregory Pappas [:gregp]]

(In reply to Olli Pettay [:smaug][bugs@pettay.fi] from comment #2)

Is the caller some extension script? I mean, does it run with expanded principal?

WebExtension content script sandbox is configured here
https://searchfox.org/mozilla-central/rev/ecb14e26e11a8edd3e7110f38b3803969db618ec/toolkit/components/extensions/ExtensionContent.sys.mjs#836,856-866

WebExtension content script sandboxes do use ExpandedPrincipal.

Warning: total guess ahead, haven't done any debugging:

I think the extension is broken because we're checking JS::GetIsSecureContext(js::GetContextRealm(aCx)) directly
https://searchfox.org/mozilla-central/rev/ecb14e26e11a8edd3e7110f38b3803969db618ec/dom/events/PointerEvent.cpp#213
instead of using the IsSecureContextOrObjectIsFromSecureContext helper

I assume the reason extension scripts can normally access SecureContext-only interfaces from the sandbox is because JS::GetIsSecureContext(js::GetNonCCWObjectRealm(aObj)); will be true.

Interestingly, the Cache interface uses the same secureness check as PointerEvent
https://searchfox.org/mozilla-central/rev/ecb14e26e11a8edd3e7110f38b3803969db618ec/dom/base/nsGlobalWindowInner.cpp#3302-3308
And yep, Cache.prototype is undefined in webextension content scripts (is this intentional? I cant find it documented anywhere)

Is there some minimal testcase for this?

Not very minimal, but...

1. Install https://addons.mozilla.org/en-US/firefox/addon/gesturefy/
2. Navigate to http://github.com/ or any other website
3. Try using a gesture (hold down right click, drag down to scroll)

actual results:
a bunch of errors in the console

expected results:
page scrolls down

Comment 5

[Gregory Pappas [:gregp]]

Attachment: Bug 1859236 - Use IsSecureContextOrObjectIsFromSecureContext to decide if we want to expose getCoalescedEvents r?smaug!

Otherwise, it will not be exposed to WebExtension content scripts.

Comment 6

[BugBot [:suhaib / :marco/ :calixte]]

Set release status flags based on info from the regressing bug 1858434

Comment 7

[Pulsebot]

Pushed by gp3033@protonmail.com:
https://hg.mozilla.org/integration/autoland/rev/1ac2ad721805
Use IsSecureContextOrObjectIsFromSecureContext to decide if we want to expose getCoalescedEvents r=smaug

Comment 8

[Cristian Tuns]

https://hg.mozilla.org/mozilla-central/rev/1ac2ad721805