Closed Bug 1900410 Opened 1 month ago Closed 14 days ago

Move away from internal data:-URL in scripting.executeScript + world:MAIN implementation

Categories

(WebExtensions :: General, enhancement, P2)

Tracking

(firefox128 fixed, firefox129 fixed)

RESOLVED FIXED
129 Branch
Tracking Status
firefox128 --- fixed
firefox129 --- fixed

People

(Reporter: robwu, Assigned: robwu)

References

Details

(Whiteboard: [addons-jira])

Attachments

(4 files)

In bug 1736575, I introduced the use of a data:-URL in order to have a way to get a PrecompiledScript that can execute independently of the page's CSP (https://phabricator.services.mozilla.com/D211869).

The downside to a data:-URL is that the full script source appears when any callee (potentially from the web page) examines the stack trace, in new Error().stack.

An upside to the current implementation in comparison to the evalInSandbox implementation used for other content script execution is that the data:-URL uniquely identifies the script, so it appears correctly in the debugger. In contrast, the "filename" "sandbox eval code" is currently shared by all tabs.executeScript({ code }) or scripting.executeScript({ func, args }) calls, which makes it a bit difficult to e.g. set a breakpoint for multiple executeScript calls: the first script is loaded in the devtools, and after that the debugger shows the original source even if the underlying code has changed.

Anyway, in this bug I'm focusing on the scripting.executeScript + world MAIN code path. The "sandbox eval code" part is already tracked at bug 1707107.

I considered converting the data to a blob. The plus side is that the immediate content is hidden, the downside is potential extension UUID leakage. Perhaps we can have a random artificial extension UUID?

FYI, here is another bug about transforming the CSS code to a blob: bug 1639478

See Also: → 1639478
Assignee: nobody → rob
Severity: -- → S3
Status: NEW → ASSIGNED
Type: task → enhancement
Priority: -- → P2
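
The two leaks discussed in the comments above (script source exposed through a data:-URL frame, extension UUID exposed through a moz-extension: or blob: frame) can be checked for in a captured stack string, for example in a regression test. This is an added example, not code from this bug or from Firefox; `auditStack` and its helpers are hypothetical names, and the sample stack, its UUIDs and the placeholder redacted file name are constructed.

```javascript
// Added example, not Firefox code. Audits a Firefox-format stack string
// ("func@file:line:col" per line) for the two leaks discussed in this bug.
const UUID_RE = /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/i;

// Split one frame into function name and file name. The function name ends at
// the first "@"; the file name may itself contain "@" or ":" (data: URLs do),
// so only a trailing ":line:col" suffix is stripped.
function parseFrame(line) {
  const at = line.indexOf("@");
  if (at === -1) return null;
  const m = /^(.*?)(?::\d+){0,2}$/.exec(line.slice(at + 1));
  return { func: line.slice(0, at), file: m[1] };
}

// A data: file name carries the full script source; a moz-extension: URL
// (also when wrapped in blob:) carries the extension's UUID.
function classifyFile(file) {
  if (/^data:/i.test(file)) return "script-source-in-url";
  if (/^(?:blob:)?moz-extension:\/\//i.test(file) && UUID_RE.test(file)) {
    return "extension-uuid-in-url";
  }
  return null;
}

// Return one finding per leaking frame; the file name itself is not echoed.
function auditStack(stack) {
  const findings = [];
  stack.split("\n").forEach((raw, index) => {
    const frame = parseFrame(raw.trim());
    const leak = frame && classifyFile(frame.file);
    if (leak) findings.push({ index, func: frame.func, leak });
  });
  return findings;
}

// Constructed sample; the UUIDs and the last file name are placeholders,
// not values Firefox actually produces.
const SAMPLE_STACK = [
  "pageCallee@https://example.com/app.js:10:15",
  "@data:text/javascript,(function(){pageCallee()})():1:25",
  "run@blob:moz-extension://01234567-89ab-cdef-0123-456789abcdef/76543210-ba98-fedc-3210-fedcba987654:1:1",
  "injected@placeholder-redacted-name:1:25",
].join("\n");

console.log(auditStack(SAMPLE_STACK));
```
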

This option enables internal callers to specify a different file name,
which we will rely upon for redacting the extension URL and filenames.

Pushed by rob@robwu.nl:
https://hg.mozilla.org/integration/autoland/rev/0b9f2ac8460b
Add filename option to ChromeUtils.compileScript r=spidermonkey-reviewers,arai
https://hg.mozilla.org/integration/autoland/rev/2780686b010b
Redact filename from MAIN world scripts r=willdurand
Status: ASSIGNED → RESOLVED
Closed: 14 days ago
Resolution: --- → FIXED
Target Milestone: --- → 129 Branch

This option enables internal callers to specify a different file name,
which we will rely upon for redacting the extension URL and filenames.

Original Revision: https://phabricator.services.mozilla.com/D214295

Attachment #9409402 - Flags: approval-mozilla-beta?
Attachment #9409403 - Flags: approval-mozilla-beta?

beta Uplift Approval Request

  • User impact if declined: Web pages can detect when extensions execute code using the new world:MAIN option. This includes the source text of the executing script or the script's URL (that includes a UUID that could be used for fingerprinting).
  • Code covered by automated testing: yes
  • Fix verified in Nightly: yes
  • Needs manual QE test: no
  • Steps to reproduce for manual QE testing: Manual testing is not needed because the behavior is already fully covered by automated tests.
  • Risk associated with taking this patch: Low
  • Explanation of risk level: Changes a specific part of the extension API implementation, fully covered by automated tests. The mechanism to redact file names is mature, and the effects are well understood.
  • String changes made/needed: none
  • Is Android affected?: yes
Attachment #9409403 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Attachment #9409402 - Flags: approval-mozilla-beta? → approval-mozilla-beta+