window.eval is exactly what we need, so we can drop the Firefox-specific
replacements like calls to exportFunction.
Details
Restarted Firefox, loaded extension with changes.
https://playcanv.as/p/44MRmJRU/ and Google Translate can be controlled over
MPRIS.
Diff Detail
- Repository: R856 Plasma Browser Integration
- Branch: ffeval
- Lint: No Linters Available
- Unit: No Unit Test Coverage
- Build Status: Buildable 24992, Build 25010: arc lint + arc unit
I'm not sure about the `// Firefox enforces Content-Security-Policy also for scripts injected by the content-script` part, but I'm not sure how to test it.
Try whether it works on Spotify web player and Nextcloud - they have a content security policy which prevents adding custom script tags.
At a glance this seems to be working marvellously. Even media session API works in Spotify now.
Thank you so much!
I tested with all the players from D24870 and it works really well.
I just tried this with Google Translate on FF ESR 68(.1.0 IIRC) and it worked, but there was an error about the content security policy having blocked an eval. The error is gone if the extension is disabled.
So this needs a test with Spotify/Nextcloud. Do you have any public URL?
Try https://open.spotify.com/browse/featured but I believe you can't play anything without an account.
Maybe you could upload an ogg file to KDE Nextcloud and try with that.
https://bugzilla.mozilla.org/show_bug.cgi?id=1591983 :-(
I guess Spotify had unsafe-eval, but not unsafe-inline, so this method just breaks different pages...
Apparently it's possible to add a script element with `src="moz-extension:..."`, but this would require moving all page scripts into a separate file.
I originally injected the Breeze scroll bar CSS as a style with src in the extension, but that also caused other issues where websites weren't allowed to access the different origin of the style sheet...
Apparently moz-extension as URL doesn't count, so that should be possible to implement.
I'll keep looking around, maybe I can find something. I doubt it though, as it seems to be an intentional barrier for security.
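
The CSP trade-off discussed in this thread (an injected inline script element needs `'unsafe-inline'`, `window.eval` needs `'unsafe-eval'`), as an added example that is not part of this revision or the extension's code. `parseCsp`, `scriptInjectionSupport` and the sample policies are constructed for illustration, and the model is simplified: a single policy, no `script-src-elem` handling.

```javascript
// Added example (not from the revision): which page-script injection methods
// a given Content-Security-Policy header value would permit.

// Parse a CSP header value into a Map of directive name -> source list.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first occurrence wins.
    if (!directives.has(name)) {
      directives.set(name, tokens.slice(1).map((t) => t.toLowerCase()));
    }
  }
  return directives;
}

// Report whether an injected inline <script> and a window.eval call would be
// allowed under the policy (simplified model of the CSP script rules).
function scriptInjectionSupport(header) {
  const csp = parseCsp(header);
  // script-src falls back to default-src; with neither, scripts are unrestricted.
  const sources = csp.get("script-src") ?? csp.get("default-src");
  if (sources === undefined) return { inlineScript: true, eval: true };
  // A nonce, a hash or 'strict-dynamic' makes browsers ignore 'unsafe-inline'.
  const inlineOverridden = sources.some(
    (s) => /^'(nonce-|sha(256|384|512)-)/.test(s) || s === "'strict-dynamic'"
  );
  return {
    inlineScript: sources.includes("'unsafe-inline'") && !inlineOverridden,
    eval: sources.includes("'unsafe-eval'"),
  };
}

// Constructed sample policies, not copied from any real site.
const samples = [
  "script-src 'self' 'unsafe-eval'",                     // eval only
  "default-src 'self'; script-src 'self' 'unsafe-inline'", // inline only
  "default-src 'none'",                                   // neither
  "script-src 'nonce-r4nd0m' 'unsafe-inline'",            // nonce cancels inline
];
for (const policy of samples) {
  console.log(policy, "->", JSON.stringify(scriptInjectionSupport(policy)));
}
```

A page for which both fields are false is the case where only the `moz-extension:` script `src` approach mentioned above would remain to be tried.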