Content scripts access to getCoalescedEvents #31638
Conversation
github-actions
bot
added
Content:WebAPI
|
FYI @gregorypappas |
|
Preview URLs
External URLs (3)URL:
URL:
|
| @@ -57,6 +57,7 @@ This article provides information about the changes in Firefox 123 that affect d | |||
| ## Changes for add-on developers | |||
|
|
|||
| - Addition of fhe {{WebExtAPIRef("contextualIdentities.move")}} function enables items to be moved in the list of contextual identities. This function enables extensions to customize the order in which contextual identities display in the UI ([Firefox bug 1333395](https://bugzil.la/1333395)). | |||
| - The {{domxref("PointerEvent.getCoalescedEvents()")}} method (which was restricted to use in secure contexts only in Firefox 120 ([Firefox bug 1858434](https://bugzil.la/1858434))) is now available for use by extensions in all contexts [Firefox bug 1870498](https://bugzil.la/1870498)). | |||
There was a problem hiding this comment.
Or should this be under Firefox 120 for Bug 1859236?
There was a problem hiding this comment.
123 is not the right place.
This was a temporary regression in 120 Nightly, there has not been any change on 120 beta or release.
I think that it would be nice to call out that the restriction does not apply to extensions... Maybe under "Changes for add-on developers"?
- Although the {{domxref("PointerEvent.getCoalescedEvents()")}} has been restricted to Secure Contexts only, content scripts can continue to use this method even in documents that are not a secure context ([Firefox bug 1870498](https://bugzil.la/1870498)).
(and if we have a section in our documentation for this, maybe link to that article)
| {{APIRef("Pointer Events")}} {{secureContext_header}} | ||
| {{APIRef("Pointer Events")}} | ||
|
|
||
| <div class='notecard secure'><h4>Secure context</h4><p> In web page scripts, this feature is available only in <a href='/en-US/docs/Web/Security/Secure_Contexts'>secure contexts</a> (HTTPS) in some or all <a href='#browser_compatibility'>supporting browsers</a>. In Firefox, when called from a web extension content script, this feature is available in all contexts.</p></div> |
There was a problem hiding this comment.
Is there a better way of handling this?
There was a problem hiding this comment.
I think that we should have a dedicated section about Secure Contexts in content scripts, and cross-link that from https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts
It doesn't feel entirely right to offer a notable mention of the behavior in extension-specific code here. I'd like more input from other MDN curators/peers here.
| Just like the scripts loaded by normal web pages, content scripts can read and modify the content of their pages using the standard DOM APIs. However, they can only do this when [host permissions to the web page's origin have been granted](#permissions). | ||
| Just like the scripts loaded by normal web pages, content scripts can read and modify the content of their pages using the standard [Web APIs](/en-US/docs/Web/API). However, they can only do this when [host permissions to the web page's origin have been granted](#permissions). | ||
|
|
||
| > **Note:** The restriction on using specific Web API in [secure contexts](/en-US/docs/Web/Security/Secure_Contexts) only applies to their use in extensions, except that {{domxref("PointerEvent.getCoalescedEvents()")}} can be used from content scripts in all contexts. |
There was a problem hiding this comment.
What are you trying to express here?
The rule expressed in the paragraph before is a good baseline. For ease of comprehension, I suggest to leave the message simple (content scripts can access any Web APIs available to the web page. And maybe have a section elsewhere on this page describing the difference compared to the usual expectations. Then we can use that section to explain special differences... Maybe under "Content script environment"?
| @@ -57,6 +57,7 @@ This article provides information about the changes in Firefox 123 that affect d | |||
| ## Changes for add-on developers | |||
|
|
|||
| - Addition of fhe {{WebExtAPIRef("contextualIdentities.move")}} function enables items to be moved in the list of contextual identities. This function enables extensions to customize the order in which contextual identities display in the UI ([Firefox bug 1333395](https://bugzil.la/1333395)). | |||
| - The {{domxref("PointerEvent.getCoalescedEvents()")}} method (which was restricted to use in secure contexts only in Firefox 120 ([Firefox bug 1858434](https://bugzil.la/1858434))) is now available for use by extensions in all contexts [Firefox bug 1870498](https://bugzil.la/1870498)). | |||
There was a problem hiding this comment.
123 is not the right place.
This was a temporary regression in 120 Nightly, there has not been any change on 120 beta or release.
I think that it would be nice to call out that the restriction does not apply to extensions... Maybe under "Changes for add-on developers"?
- Although the {{domxref("PointerEvent.getCoalescedEvents()")}} has been restricted to Secure Contexts only, content scripts can continue to use this method even in documents that are not a secure context ([Firefox bug 1870498](https://bugzil.la/1870498)).
(and if we have a section in our documentation for this, maybe link to that article)
| {{APIRef("Pointer Events")}} {{secureContext_header}} | ||
| {{APIRef("Pointer Events")}} | ||
|
|
||
| <div class='notecard secure'><h4>Secure context</h4><p> In web page scripts, this feature is available only in <a href='/en-US/docs/Web/Security/Secure_Contexts'>secure contexts</a> (HTTPS) in some or all <a href='#browser_compatibility'>supporting browsers</a>. In Firefox, when called from a web extension content script, this feature is available in all contexts.</p></div> |
There was a problem hiding this comment.
I think that we should have a dedicated section about Secure Contexts in content scripts, and cross-link that from https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts
It doesn't feel entirely right to offer a notable mention of the behavior in extension-specific code here. I'd like more input from other MDN curators/peers here.
|
@Rob--W can I confirm my understanding:
If this is correct where does Bug 1870498, the one that kicked this all off, come in? |
|
This pull request has merge conflicts that must be resolved before it can be merged. |
Description
This change includes: