Update https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions (userScripts permission) [Firefox for Desktop V136]
Categories
(support.mozilla.org :: Knowledge Base Content, task)
Tracking
(Not tracked)
People
(Reporter: robwu, Assigned: dgalindo)
References
(Blocks 1 open bug)
Details
Did you check out the steps and FAQs for submitting requests to the CX content team? (yes or no)? [REQUIRED]
**Note: Learn more at https://mozilla-hub.atlassian.net/wiki/spaces/MSS/pages/21430745/Mozilla+Support+Content **
IMPORTANT NOTICE: FOR TIMELY PUBLICATION, CONTENT REQUESTS MUST BE SUBMITTED AT LEAST 14 DAYS BEFORE THE RELEASE DATE, ENABLING THE SUMO TEAM TO MAKE THEM LIVE WITHIN 48 HOURS POST-RELEASE. PLEASE ENSURE THAT ALL SUBMITTED INFORMATION, INCLUDING FEATURE DETAILS AND VISUAL ASSETS, IS FINAL. IN THE EVENT OF ANY UNFORESEEN CHANGES OR DELAYS NECESSITATING A PUSH TO A SUBSEQUENT RELEASE, PROMPTLY INFORM US TO PREVENT PUBLISHING AS PER THE ORIGINAL SCHEDULE.
Yes.
Content access restriction: Is the content restricted to staff or under embargo (yes or no)? [REQUIRED]
Note: If yes, ensure ‘Advanced Fields’ are visible by selecting ‘Show Advanced Field’ at the top right, then scroll to ‘Security’ and check ‘Confidential Mozilla Employee Bug (non-security)’.
Attention: Any content not marked as confidential will be accessible to both NDAd and non-NDAd contributors with a Bugzilla account. Drafts for non-confidential content will also follow the same access policy, being open to comments for anyone with the link. Non-confidential Bugzillas can benefit from contributions by community contributors, while confidential Bugzillas will be handled exclusively by staff.
No.
Product (ensure to select only one product for each ticket. If your request involves multiple products, file an individual Bugzilla for each)
Choose one below and delete others. [REQUIRED]
Firefox for Desktop (Windows / macOS / Linux)
Select the type of request.
Choose one or more below and delete others. [REQUIRED]
KB content update
Please summarize the request, emphasizing any user-facing changes. Include historical context or background information if it helps users understand the new features or changes. [REQUIRED]
Add a heading with "Allow unverified third-party scripts to access your data" to https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions
This heading's text must exactly match the string of webext-perms-description-userScripts in extensionPermissions.ftl, which was added in bug 1917000 (https://hg.mozilla.org/mozilla-central/rev/bc4881030055). Localized versions can be found at https://searchfox.org/l10n/search?q=webext-perms-description-userScripts
The section should explain what the permission does. For extra context, see bug 1931545 that previews the warning that is displayed next to the permission description. Note: from the permission data and the warning it is not obvious, but the access is limited to sites that the extension can already access.
When I combine the existing permission description and warning, the result could look like this:
The extension could enable unverified scripts to access your website data. Unverified scripts can pose security and privacy risks, such as running harmful code or tracking website activity. Only run scripts from extensions or sources you trust.
Are the user-facing changes mentioned above for the production release, or is the feature/change experimental/ beta? (Production, Experimental or Beta) [REQUIRED]
**Note: Specify if the user-facing changes mentioned above are final, experimental, or in beta. This information is crucial for determining the appropriate support and documentation level needed. Please note that SUMO KB articles only support the production version for Firefox.
Yes. Riding to release of Firefox 136, with bug 1943050.
Are the new features or changes region-specific? Are they going to be released in a gradual rollout? [REQUIRED]
**Note: Please confirm if these features or changes are limited to specific geographic regions and if they will be implemented gradually. Knowing this helps us tailor our documentation and support resources appropriately.
No
Please indicate if this is an on- or off-train release [REQUIRED]
**Note: If applicable, add the product version number to the end of the Summary field using the format: Summary [Product V123]. If this is an off-train release, please use the format: Summary [Product off-train].
On-train.
What is the anticipated release date? [REQUIRED]
Note: Content is typically published at, or within, 48 hours of the release.
Firefox 136 releases on 2025-03-04 according to https://whattrainisitnow.com/release/?version=136 .
Does the content need to be published prior to the release date? If so, when? [REQUIRED]
Note: If you don’t let us know if this date changes, it will be published on this date
No.
Does the content need to be localized in any languages outside of EN-US? If yes, please indicate which languages. [REQUIRED]
Note: A minimum of 10 days is required for translation requests.
EDIT: it is acceptable to wait for the community to localize at their pace.
This new section should be added to all localized versions of the article.
According to https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions/show_translations
the article is localized in 35 other languages:
- ar, bg, cs, da, de, el, es, fa, fi, fr, hi-IN, hr, hu, id, it, ja, ka, ko, lt, ms, nl, no, pl, pt-BR, Europeu, pt-PT, ru, sr, th, tr, uk, vi, zh-CN, zh-TW, zu
Please include any related JIRA/Github/Bugzilla tickets, documentation, demos or practical use cases. [REQUIRED]
- userScripts API opt-in description (part of bug 1917000): https://docs.google.com/document/d/1Bx261fBL8TPAyAy_839-Rtk7C6lriaHTvex1jXaUB5c/edit
- Example of extension that uses the new permission: https://github.com/mdn/webextensions-examples/pull/576 (see below for how to use this)
Please include links to any design assets, visuals, figma files, etc. [REQUIRED]
Note: Ensure to submit only final visual assets relevant to the Production release, excluding Nightly or Beta images, and favor 'Light mode' UI screenshots over 'Dark mode'
- Figma and design assets/visual can be found in bug 1917000, see https://bugzilla.mozilla.org/show_bug.cgi?id=1917000#c1 onwards.
- Screenshot in actual Firefox build is attached in bug 1931545: (https://bug1931545.bmoattachments.org/attachment.cgi?id=9445015
Please add instructions for testing that will enable us to replicate the expected product behavior. [REQUIRED]
- Clone the mdn/webextensions-examples repository, with https://github.com/mdn/webextensions-examples/pull/576
- If the patch has not been merged yet, check out the individual branch as follows:
git clone https://github.com/mdn/webextensions-examplescd webextensions-examplesgit fetch origin pull/576/headgit checkout FETCH_HEAD
- Visit
about:debugging, click "This Firefox", then click "Load Temporary Add-on...", and in the file picker select theuserScripts-mv3directory from the first step. - Visit
about:addons, click on the "User Scripts Manager extension" to view its details. - Click on the "Permissions" tab.
- The "Allow unverified third-party scripts to access your data" permission is displayed, as seen in bug 1931545 (screenshot).
Does the content need approval before publishing? If yes, identify the one approver responsible for this task.
Note: Minor changes such as string updates are directly handled in SUMO, and will not lead to the generation of a pre-publishing draft. [REQUIRED]
Hey Jo! Could you help us validate this bug and add it to the Content Roadmap in Asana? Once that's done, please link the task here. Thanks!
| Reporter | ||
Comment 2•1 year ago
|
||
What's the status of this documentation update? I can edit the article myself if that makes it easier.
(In reply to Seburo from comment #3)
If it helps move this forwards, please can I pick this one up?
Hey Paul! Thanks for offering to help. I've assigned the bug to you.
| Assignee | ||
Comment 5•1 year ago
•
|
||
(In reply to Rob Wu [:robwu] from comment #2)
What's the status of this documentation update? I can edit the article myself if that makes it easier.
After a short talk with JoT the ticket has been assigned to Paul. I'll make sure to approve it once it is up on Kitsune
I am currently working through what needs to be done, and put together a draft for approval. Once people are happy with that, I will upload to Kitsune (it is never SuMo, we use SUMO) for SUMO staff to review after which it will be passed to the amazing SUMO L10n teams to work on.
With apologies for the delay, a draft for your approval - https://docs.google.com/document/d/1qGN5L8k4BIeZX_aREtnonq9zwQqQVL58HVGC8fD6cEY/edit?usp=sharing
Once you are happy with this, I will get it loaded to Kitsune for SUMO staff to review, after which the SUMO L10n team will pick it up.
| Reporter | ||
Comment 8•1 year ago
|
||
The current draft in that doc looks like this:
{for fx136}
=Allow unverified third-party scripts to access your data=
The extension could enable unverified scripts to access your website data.
Unverified scripts can pose security and privacy risks, such as running harmful code or tracking website activity. Only run scripts from extensions or sources you trust.
{/for}
Ideally it would have clarified that the scripts run on websites that the extension can access, but I don't know if it would be sufficiently obvious if we were to change the text to:
The extension could enable unverified scripts to access your website data, on websites that the extension can access.
"access" here refers to the bunch of sections starting from the top of the page, at https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions#w_access-your-data-for-all-websites
Once you are happy with this, I will get it loaded to Kitsune for SUMO staff to review, after which the SUMO L10n team will pick it up.
Other than the above remark, the draft looks good to me. When you submit it for localization, include the following remark to ensure consistency between the content used in product and the website (I copied this from my comment in the initial request):
Add a heading with "Allow unverified third-party scripts to access your data" to https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions
This heading's text must exactly match the string of
webext-perms-description-userScriptsinextensionPermissions.ftl, which was added in bug 1917000 (https://hg.mozilla.org/mozilla-central/rev/bc4881030055). Localized versions can be found at https://searchfox.org/l10n/search?q=webext-perms-description-userScriptsThe section should explain what the permission does. For extra context, see bug 1931545 that previews the warning that is displayed next to the permission description. Note: from the permission data and the warning it is not obvious, but the access is limited to sites that the extension can already access.
Thank you for your feedback. Updated edit for your approval - https://docs.google.com/document/d/1qGN5L8k4BIeZX_aREtnonq9zwQqQVL58HVGC8fD6cEY/edit?usp=sharing
| Reporter | ||
Comment 10•1 year ago
|
||
Looks good, thanks! Once submitted to SUMO, could you link the diff here? That would be useful to serve as a future public reference on how to write SUMO content based on the above requirements. Extension permissions are added all the time.
Comment 11•1 year ago
|
||
(In reply to Rob Wu [:robwu] from comment #10)
We already have a significant volume of material and guides on content in Kitsune, but the best thing is to get a request in for a contributor to the KB to look at it.
Comment 12•1 year ago
|
||
Ready for review - https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions/history#preview
| Reporter | ||
Comment 13•1 year ago
|
||
Thanks! For future reference, this is the diff (addition is at the end)
(also clearing old needinfo)
Comment 14•1 year ago
|
||
(In reply to Seburo from comment #12)
Ready for review - https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions/history#preview
Still pending review.
Comment 15•1 year ago
•
|
||
(In reply to Alice Wyman from comment #14)
(In reply to Seburo from comment #12)
Ready for review - https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions/history#preview
Still pending review.
Dayana did we publish this? Thanks!
Comment 17•1 year ago
|
||
(In reply to SUMO Mandy from comment #15)
(In reply to Alice Wyman from comment #14)
(In reply to Seburo from comment #12)
Ready for review - https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions/history#preview
Still pending review.
Dayana did we publish this? Thanks!
Asana task confirms this is published!
Description
•