Docs for content script injection into data URL pages#34491
Docs for content script injection into data URL pages#34491
Conversation
| - The default value of {{WebExtAPIRef("proxy.settings")}} property `proxyDNS` is now `false` when using SOCKS4 and `true` when using SOCKS5. Previously, it defaulted to `false` for SOCKS4 and SOCKS5 ([Firefox bug 1741375](https://bugzil.la/1741375)). | ||
| - The non-standard Web API events `overflow` and `underflow` have been deprecated. Use of these events should be removed from extension documents before the release of Firefox 131 ([Firefox bug 1898445](https://bugzil.la/1898445)). | ||
| - The {{WebExtAPIRef("scripting")}} API can now inject scripts into sandboxed pages with `about:blank`, `about:srcdoc`, and `data:` URLs ([Firefox bug 1475831](https://bugzil.la/1475831)). | ||
| - The [manifest key `content_scripts`](/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_scripts) now supports `match_origin_as_fallback`, enabling scripts to be injected into `about:`, `data:`, and `blob:` pages when the document origin is opaque due to the use of CSP or iframe sandbox ([Firefox bug 1475831](https://bugzil.la/1475831)). |
There was a problem hiding this comment.
Also mention the addition to the contentScripts.register API (and update the BCD accordingly). This is part of the set of changes to content_scripts and was implemented in https://bugzilla.mozilla.org/show_bug.cgi?id=1896669
https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/contentScripts/register
And please include a mention of the change to blob:-URLs from https://bugzilla.mozilla.org/show_bug.cgi?id=1897113
| - Adds the ability to enable and disable rules in static declarative net request rulesets with {{WebExtAPIRef("declarativeNetRequest.updateStaticRules")}} and list disabled rules for a static ruleset with {{WebExtAPIRef("declarativeNetRequest.getDisabledRuleIds")}} ([Firefox bug 1810762](https://bugzil.la/1810762)) | ||
| - The default value of {{WebExtAPIRef("proxy.settings")}} property `proxyDNS` is now `false` when using SOCKS4 and `true` when using SOCKS5. Previously, it defaulted to `false` for SOCKS4 and SOCKS5 ([Firefox bug 1741375](https://bugzil.la/1741375)). | ||
| - The non-standard Web API events `overflow` and `underflow` have been deprecated. Use of these events should be removed from extension documents before the release of Firefox 131 ([Firefox bug 1898445](https://bugzil.la/1898445)). | ||
| - The {{WebExtAPIRef("scripting")}} API can now inject scripts into sandboxed pages with `about:blank`, `about:srcdoc`, and `data:` URLs ([Firefox bug 1475831](https://bugzil.la/1475831)). |
There was a problem hiding this comment.
Specifically the scripting.executeScript, insertCSS and removeCSS methods.
The registerContentScripts and updateContentScripts now have a new option to support the same capability, implemented in https://bugzilla.mozilla.org/show_bug.cgi?id=1853411. This needs their own documentation updates and BCD entries.
There was a problem hiding this comment.
I didn't flag it separately because it is part of the same feature. I figured that it would be less confusing for you to wait for the documentation PR and providing the extra context than to slap the dev-doc-needed keyword on multiple bugs without context.
- Bug 1897113 Content scripts should only run in blob:-URLs if match_origin_as_fallback is true - Bug 1896669 "Dark Background and Light Text" add-on stops working - Bug 1853411 Implement matchOriginAsFallback in the scripting.registerContentScripts API
|
Preview URLs
Flaws (1)Note! 3 documents with no flaws that don't need to be listed. 🎉 URL:
External URLs (4)URL:
(comment last updated: 2024-07-01 07:52:14) |
Rob--W
left a comment
There was a problem hiding this comment.
Thanks!
The section about Limitations https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Content_scripts#limitations needs to be revised to spell out the new behaviors, but that can be covered as part of the sandbox documentation PR.
Please apply the suggested small change and then merge this PR.
Co-authored-by: Rob Wu <rob@robwu.nl>
Description
Docs in support of Bug 1475831 WebExtension: content scripts should be injected in data URL pages, including:
match_origin_as_fallbacktocontent_scripts manifestkeyRelated issues and pull requests
Related BCD update in mdn/browser-compat-data#23553