Bug 2017797 - Part 3: Preserve legacy structuredClone behaviour for WebExtensions, r=robwu!,asuth!
Closed, Public

Authored by nika on Feb 23 2026, 9:03 PM.

Details

Summary

This change attempts to preserve the behaviour from before bug 2013389 for
WebExtensions, putting the janky type-dependent behaviour behind a pref. This
is done by making the webextension content script globals shadow
'structuredClone' with an alternative implementation based in the content
script's global.

This alternative implementation will, when being called from a webextension
content script, only change the global of the cloned object when called on one
of the set of DOM objects which previously were impacted by the bug.

Note that previously 'structuredClone' would do this odd behaviour even for a
nested object, but this is very unlikely to happen intentionally (and would be
much more difficult to implement), so that behaviour has not been preserved.

Event Timeline

phab-bot changed the visibility from "Custom Policy" to "Public (No Login Required)".
phab-bot changed the edit policy from "Custom Policy" to "Restricted Project (Project)".
phab-bot removed a project: secure-revision.
asuth added a project: testing-approved.

Restating:

js/xpconnect/src/Sandbox.cpp, lines 420–423

nit: missing word

nika updated this revision to Diff 1211437.
nika marked an inline comment as done. Feb 24 2026, 9:42 PM

toolkit/components/extensions/test/xpcshell/test_ext_contentscript_structured_clone.js, line 50

The test here leans heavily on internals, where the impact on real world extensions is not immediately obvious.

Have you tried the test cases that stay 100% in content script land like the ones shown in: https://bugzilla.mozilla.org/show_bug.cgi?id=2017797#c9 ? Specifically https://bugzilla.mozilla.org/show_bug.cgi?id=2017797#:~:text=Appendix%3A%20test%20behavior%20of%20structuredClone

to test whether it is from the content script, instanceof Object, to test whether it came from the web page, instanceof window.Object.

nika marked an inline comment as done. Feb 25 2026, 7:48 PM

I've changed the approach such that now it does the checks entirely within the content script.

Code analysis found 2 defects in diff 1212112:

  • 2 defects found by eslint (Mozlint)
IMPORTANT: Found 2 defects (error level) that must be fixed before landing.

You can run this analysis locally with:

  • ./mach lint --warnings --outgoing

If you see a problem in this automated review, please report it here.

You can view these defects in the Diff Detail section of Phabricator diff 1212112.

Extension test lgtm (with the linting error fixed).

Thanks! Could you also uplift the change to 149 beta so that the regression does not reach release?

This revision is now accepted and ready to land. Feb 25 2026, 11:25 PM
This revision was landed with ongoing or failed builds. Feb 26 2026, 6:21 AM
This revision was automatically updated to reflect the committed changes.
This revision is now accepted and ready to land. Feb 26 2026, 11:17 AM
This revision is now accepted and ready to land. Feb 27 2026, 3:40 PM