[Firefox] Scripts share the same window wrapper if @inject-into content is used #1102
Description
keywords: leak, pollute, pollution, isolate, isolated, conflict, conflicting
What is the problem?
The same window wrapper is shared across multiple scripts running on the same page if @inject-into content is used, i.e. if the site uses CSP. This makes it impossible to run scripts which require incompatible dependencies, such as different versions of jQuery.
How to reproduce it?
Load the following scripts in order and run on a page with no other scripts enabled.
Script 1
// ==UserScript==
// @name Script 1
// @version 0.0.1
// @namespace violentmonkey-test
// @require https://code.jquery.com/jquery-2.2.4.min.js
// @include *
// @grant GM_log
// @inject-into content
// ==/UserScript==
setTimeout(() => console.log('final script1 jQuery:', jQuery.fn.jquery), 1000)
console.log('inside script 1')
console.log('script1 jQuery:', jQuery.fn.jquery)
console.log('leaving script 1')Script 2
// ==UserScript==
// @name Script 2
// @version 0.0.1
// @namespace violentmonkey-test
// @require https://code.jquery.com/jquery-3.5.1.slim.min.js
// @include *
// @grant GM_log
// @inject-into content
// ==/UserScript==
setTimeout(() => console.log('final script2 jQuery:', jQuery.fn.jquery), 1000)
console.log('inside script 2')
console.log('script2 jQuery:', jQuery.fn.jquery)
console.log('leaving script 2')What is the expected result?
inside script 1
script1 jQuery: 2.2.4
leaving script 1
inside script 2
script2 jQuery: 3.5.1
leaving script 2
final script1 jQuery: 2.2.4
final script2 jQuery: 3.5.1
What is the actual result?
inside script 1
script1 jQuery: 2.2.4
leaving script 1
inside script 2
script2 jQuery: 3.5.1
leaving script 2
final script1 jQuery: 3.5.1
final script2 jQuery: 3.5.1
Note that Tampermonkey for Firefox (v4.11.6120) produces the expected output, but Greasemonkey (v4.10.0) produces the same output as Violentmonkey.
Environment
- Browser: Firefox v82.0.3
- Violentmonkey: v2.12.7
- OS: Linux (Arch)