[meta] Implement userScripts API in MV3
Categories
(WebExtensions :: General, enhancement, P2)
Tracking
(Not tracked)
People
(Reporter: robwu, Unassigned)
References
(Depends on 6 open bugs)
Details
(Keywords: meta, Whiteboard: [wecg][addons-jira])
This is about implementing the userScripts API, as designed in the WECG at https://github.com/w3c/webextensions/issues/279 .
Not to be confused with the current userScripts API in Firefox that is tied to the user_scripts key from bug 1437098. This older API called "userScripts" is MV2-only because its design is incompatible with non-persistent background pages. Additional notes about differences: https://github.com/mdn/browser-compat-data/issues/21922#issuecomment-1892148953
Updated•8 months ago
|
Reporter | ||
Comment 1•8 months ago
|
||
Currently, the way that user script managers would use the API to run scripts in the main world is to use the userScripts API to have a world without scripts being restricted by the CSP. To enable that, we need to support the ability to exempt script nodes inserted by the "user script" world from the CSP (bug 1446231).
Reporter | ||
Comment 2•8 months ago
|
||
The capability to directly run scripts in the MAIN world is part of bug 1736575.
Reporter | ||
Comment 3•2 months ago
|
||
Before we can enable any implementation of the userScripts API by default, we need a way for users to opt in to userScripts functionality. We have a top-level generic bug on file for that at bug 1787179.
The implementation of the userScripts API can be sequenced as follows:
- MVP as specified in https://github.com/w3c/webextensions/blob/main/proposals/user-scripts-api.md
userScripts.register()
anduserScripts.unregister
to register/unregister user scripts (MV3 API, not to be confused with MV2).- Note: we need to update the schema to make sure that the MV2 and MV3 APIs are separate (relying on bug 1892669).
- To keep the initial patch simple, support injection in the MAIN world only (implemented in bug 1736575).
- Persistency of scripts is a core part of the API, but we could start in-memory at first and implement persistency separately.
- Except for the
matches
vsincludeGlobs
(OR instead of AND, andmatches
optional - (https://crbug.com/41483539)), the matching and execution behavior is the same as regular content scripts. Tests thus only need to verify that the script can be registered and that the options make sense.
userScripts.getScripts()
to retrieve the set of registered scripts.- (if not implemented in the first part) Implement persistency of registered user scripts (i.e. should persist across restarts).
userScripts.update()
- Add support for the USER_SCRIPT world (Sandbox, initially without any extra APIs, will change below with "messaging").
userScripts.configureWorld()
to customize CSP of world.userScripts.configureWorld
messaging
option to enable messaging with the user script world +runtime.onUserScriptMessage
,runtime.onUserScriptConnect
- Multiple userScripts world as specified in https://github.com/w3c/webextensions/blob/main/proposals/multiple_user_script_worlds.md (Chrome is still actively working on this - https://crbug.com/331680187)
userScripts.execute
as specified in https://github.com/w3c/webextensions/blob/main/proposals/user-scripts-execute-api.md (Chrome has not implemented this yet)- More additions:
- E.g. re-ordering of user scripts (https://github.com/w3c/webextensions/issues/606)
- Other feature requests: https://github.com/w3c/webextensions/issues?q=is%3Aopen+is%3Aissue+label%3A%22topic%3A+user+scripts%22
Updated•1 month ago
|
Updated•1 month ago
|
Reporter | ||
Updated•5 days ago
|
Description
•