Differential D28709

Implement executeScript for Firefox
AbandonedPublic
Actions

Authored by fvogt on Apr 9 2020, 6:48 PM.

Details

Reviewers
broulik
Group Reviewers
Plasma
Summary

window.eval is exactly what we need, so we can drop the Firefox specific
replacements like calls to exportFunction.

Test Plan

Restarted firefox, loaded extension with changes.
https://playcanv.as/p/44MRmJRU/ and google translate can be controlled over
MPRIS.

Diff Detail

Repository
R856 Plasma Browser Integration
Branch
ffeval
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 24992
Build 25010: arc lint + arc unit
fvogt created this revision.Apr 9 2020, 6:48 PM
Restricted Application added a project: Plasma. · View Herald TranscriptApr 9 2020, 6:48 PM
fvogt requested review of this revision.Apr 9 2020, 6:48 PM
fvogt updated this revision to Diff 79729.Apr 9 2020, 6:50 PM

Use full URL in comment

fvogt mentioned this in D28706: Restore old Audio prototype after exportFunction.Apr 9 2020, 6:51 PM

Note: Remains to be tested on non-firefox and old firefox ESR.

fvogt added a comment.Apr 9 2020, 6:55 PM

I'm not sure about the // Firefox enforces Content-Security-Policy also for scripts injected by the content-script part, but I'm not sure how to test it.

broulik added a comment.Apr 9 2020, 7:01 PM

Try whether it works on Spotify web player and nextcloud - they have a content security policy which prevents adding custom script tags

broulik added a comment.Apr 9 2020, 7:04 PM

At a glance this seems to be working marvellously. Even media session API works in Spotify now

broulik accepted this revision.Apr 9 2020, 7:09 PM

Thank you so much!
I tested with all the players from D24870 and it works really well.

This revision is now accepted and ready to land.Apr 9 2020, 7:09 PM
fvogt added a comment.Apr 9 2020, 9:21 PM

I just tried this with google translate on FF ESR 68(.1.0 IIRC) and it worked, but there was an error about the content security policy having blocked an eval. The error is gone if the extension is disabled.
So this needs a test with spotify/nextcloud. Do you have any public URL?

broulik added a comment.Apr 10 2020, 8:08 AM

Try https://open.spotify.com/browse/featured but I believe you can't play anything without an account.
Maybe you could upload an ogg file to KDE nextcloud and try with that.

fvogt abandoned this revision.Apr 10 2020, 10:05 AM

https://bugzilla.mozilla.org/show_bug.cgi?id=1591983 :-(

I guess spotify had unsave-eval, but not unsafe-inline, so this method just breaks different pages...

Apparently it's possible to add a script element with ´src="moz-extension:..."`, but this would require moving all page scripts into a separate file.

broulik added a comment.Apr 10 2020, 10:53 AM

I've originally injected breeze scroll bar CSS as style with src in the extension but that also cause other issues where websites weren't allowed to access the different origin of the style sheet...

broulik added a comment.Apr 10 2020, 11:31 AM

So, back to my export function patch? :/

fvogt added a comment.Apr 10 2020, 12:02 PM
In D28709#645296, @broulik wrote:

I've originally injected breeze scroll bar CSS as style with src in the extension but that also cause other issues where websites weren't allowed to access the different origin of the style sheet...

Apparently moz-extension as URL doesn't count, so that should be possible to implement.

In D28709#645320, @broulik wrote:

So, back to my export function patch? :/

I'll keep looking around, maybe I can find something. I doubt it though, as it seems to be an intentional barrier for security.

Revision Contents
Changeset List

PathPackages
Mextension/content-script.js (63 lines)

Diff 79729

View Options

extension/content-script.js

Loading...