Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use match_origin_as_fallback behavior by default in scripting.executeScript #673

Open
oliverdunk opened this issue Aug 16, 2024 · 7 comments
Open

Use match_origin_as_fallback behavior by default in scripting.executeScript #673

oliverdunk opened this issue Aug 16, 2024 · 7 comments
Labels
implemented: chrome Implemented in Chrome implemented: firefox Implemented in Firefox supportive: safari Supportive from Safari topic: scripting

Comments

@oliverdunk
Copy link
Member

In Manifest V2, the tabs.executeScript method has a matchAboutBlank property which matches the behavior of match_about_blank in the manifest.

In Manifest V3, the scripting.executeScript method in Chrome applies this behavior by default. We chose this since the API is more explicit about the injection target, and therefore there is clearer intent from the developer to inject into a given frame.

However, since then we have introduced match_origin_as_fallback. We'd like to make that the default for scripting.executeScript. This will need some communication, since it's technically a behavior change, but should be low impact.
@github-actions github-actions bot added needs-triage: chrome Chrome needs to assess this issue for the first time needs-triage: firefox Firefox needs to assess this issue for the first time needs-triage: safari Safari needs to assess this issue for the first time labels Aug 16, 2024
@oliverdunk oliverdunk added supportive: chrome Supportive from Chrome and removed needs-triage: chrome Chrome needs to assess this issue for the first time labels Aug 16, 2024
@tophf
Copy link

tophf commented Aug 17, 2024
edited
Loading

MV3 executeScript uses kMatchForAboutSchemeAndClimbTree to mimic MV2 executeScript, I guess.

MV3 registerContentScripts uses kAlways and exposes matchOriginAsFallback explicitly.

Hence, maybe it would make more sense to expose matchOriginAsFallback for executeScript (both in MV3 and MV2) and use kAlways mode when it's true?

@dotproto dotproto mentioned this issue Aug 29, 2024
Closed
@dotproto dotproto added implemented: firefox Implemented in Firefox and removed needs-triage: firefox Firefox needs to assess this issue for the first time labels Aug 29, 2024
@Rob--W Rob--W mentioned this issue Aug 29, 2024
Merged
@Rob--W Rob--W added the supportive: safari Supportive from Safari label Aug 29, 2024
@Rob--W
Copy link
Member

Rob--W commented Aug 29, 2024

@kiaraarose Could you confirm Safari's behavior and set it to implemented: safari Implemented in Safari if applicable?

@oliverdunk
Copy link
Member Author

I've filed a Chromium issue to track this work here: https://issues.chromium.org/363031548

@xeenon
Copy link
Collaborator

xeenon commented Sep 1, 2024

Safari will not inject into a frame if permissions are not granted, and currently permissions are only granted based on HTTP-family URL patterns. An about:blank, etc. frame targeted with frameId will fail the permission check today in Safari.

We are supportive of this issue and would implement it once we have match_origin_as_fallback support, since that nicely aligns with our permission model.

@Rob--W
Copy link
Member

Rob--W commented Sep 24, 2024

@kiaraarose Could you confirm Safari's behavior and set it to implemented: safari Implemented in Safari if applicable?

Kiara mentioned that Safari does currently not inject in about:blank, and that support for match_origin_as_fallback is planned to being worked on.

@Rob--W Rob--W removed the needs-triage: safari Safari needs to assess this issue for the first time label Sep 24, 2024
@Rob--W
Copy link
Member

Rob--W commented Sep 28, 2024

FYI: During TPAC 2024 (#659) I sat together with Oliver and he created a patch to implement this in Chromium: https://chromium-review.googlesource.com/c/chromium/src/+/5890628

Once that is approved and merged, the chrome label on this issue can be updated and the ticket be closed.

@Rob--W Rob--W mentioned this issue Sep 29, 2024
Merged
aarongable pushed a commit to chromium/chromium that referenced this issue Jan 6, 2025
@oliverdunk
[Extensions] Use match_origin_as_fallback in chrome.scripting API
9161803 
Uses the `match_origin_as_fallback` behavior in the
scripting.executeScript, scripting.insertCSS and scripting.removeCSS
methods.

This is a fairly simple change but the move to an enum in the script
execution helpers and introduction of a new mojom type led to changes
across many files.

This was agreed on in the WebExtensions Community Group:

w3c/webextensions#673

Bug: 363031548
Change-Id: I7ea345c8189d3d6a305fc8f442e20e41dfa3b29c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5890628
Reviewed-by: Devlin Cronin <[email protected]>
Commit-Queue: Oliver Dunk <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1402633}
@oliverdunk
Copy link
Member Author

We are shipping this change in Chrome 133: https://chromiumdash.appspot.com/commit/9161803635fdc6516467a1d655080f5b5a6c48fe

@oliverdunk oliverdunk added implemented: chrome Implemented in Chrome and removed supportive: chrome Supportive from Chrome labels Jan 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
implemented: chrome Implemented in Chrome implemented: firefox Implemented in Firefox supportive: safari Supportive from Safari topic: scripting
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@xeenon @dotproto @tophf @Rob--W @oliverdunk