Closed
Bug 1897113
Opened 5 months ago
Closed 4 months ago
Content scripts should only run in blob:-URLs if match_origin_as_fallback is true
Categories
(WebExtensions :: General, enhancement)
WebExtensions
General
Tracking
(firefox128 fixed)
RESOLVED
FIXED
128 Branch
| Tracking | Status | |
|---|---|---|
| firefox128 | --- | fixed |
People
(Reporter: robwu, Assigned: robwu)
References
(Blocks 1 open bug)
Details
(Keywords: dev-doc-complete, Whiteboard: [addons-jira])
Attachments
(1 file)
Currently, we run content scripts in blob:-URLs if the document that created it matches the matches pattern of a content script. This behavior is undocumented, and was not covered by unit tests until I added them in https://hg.mozilla.org/mozilla-central/rev/1eabe598552b (part of bug 1853411).
In contrast, Chrome only permits it if match_origin_as_fallback is also set to true. In Firefox we implemented this feature recently in bug 1853411, so we should also lock blob:-scripting to extensions that specify match_origin_as_fallback.
Because this change may affect compatibility, we should add a pref to enable us or users to revert the feature. If there are no significant regressions, we should eventually remove the preference.
|
||
Updated•5 months ago
|
|
Assignee | |
Comment 1•5 months ago
|
||
|
||
Updated•5 months ago
|
Assignee: nobody → rob
Status: NEW → ASSIGNED
Pushed by rob@robwu.nl:
https://hg.mozilla.org/integration/autoland/rev/998822f95cec
Require match_origin_as_fallback for blob:-URLs r=rpl
|
|
Assignee | |
Updated•4 months ago
|
Keywords: dev-doc-needed
|
||
Comment 3•4 months ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 4 months ago
status-firefox128:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 128 Branch
Keywords: dev-doc-needed → dev-doc-complete
You need to log in
before you can comment on or make changes to this bug.
Description
•