-
Notifications
You must be signed in to change notification settings - Fork 22.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Content scripts access to getCoalescedEvents #31638
base: main
Are you sure you want to change the base?
Content scripts access to getCoalescedEvents #31638
Conversation
FYI @gregorypappas |
Preview URLs
External URLs (3)URL:
URL:
|
@@ -57,6 +57,7 @@ This article provides information about the changes in Firefox 123 that affect d | |||
## Changes for add-on developers | |||
|
|||
- Addition of fhe {{WebExtAPIRef("contextualIdentities.move")}} function enables items to be moved in the list of contextual identities. This function enables extensions to customize the order in which contextual identities display in the UI ([Firefox bug 1333395](https://bugzil.la/1333395)). | |||
- The {{domxref("PointerEvent.getCoalescedEvents()")}} method (which was restricted to use in secure contexts only in Firefox 120 ([Firefox bug 1858434](https://bugzil.la/1858434))) is now available for use by extensions in all contexts [Firefox bug 1870498](https://bugzil.la/1870498)). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or should this be under Firefox 120 for Bug 1859236?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
123 is not the right place.
This was a temporary regression in 120 Nightly, there has not been any change on 120 beta or release.
I think that it would be nice to call out that the restriction does not apply to extensions... Maybe under "Changes for add-on developers"?
- Although the {{domxref("PointerEvent.getCoalescedEvents()")}} has been restricted to Secure Contexts only, content scripts can continue to use this method even in documents that are not a secure context ([Firefox bug 1870498](https://bugzil.la/1870498)).
(and if we have a section in our documentation for this, maybe link to that article)
{{APIRef("Pointer Events")}} {{secureContext_header}} | ||
{{APIRef("Pointer Events")}} | ||
|
||
<div class='notecard secure'><h4>Secure context</h4><p> In web page scripts, this feature is available only in <a href='/en-US/docs/Web/Security/Secure_Contexts'>secure contexts</a> (HTTPS) in some or all <a href='#browser_compatibility'>supporting browsers</a>. In Firefox, when called from a web extension content script, this feature is available in all contexts.</p></div> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a better way of handling this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that we should have a dedicated section about Secure Contexts in content scripts, and cross-link that from https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts
It doesn't feel entirely right to offer a notable mention of the behavior in extension-specific code here. I'd like more input from other MDN curators/peers here.
Just like the scripts loaded by normal web pages, content scripts can read and modify the content of their pages using the standard DOM APIs. However, they can only do this when [host permissions to the web page's origin have been granted](#permissions). | ||
Just like the scripts loaded by normal web pages, content scripts can read and modify the content of their pages using the standard [Web APIs](/en-US/docs/Web/API). However, they can only do this when [host permissions to the web page's origin have been granted](#permissions). | ||
|
||
> **Note:** The restriction on using specific Web API in [secure contexts](/en-US/docs/Web/Security/Secure_Contexts) only applies to their use in extensions, except that {{domxref("PointerEvent.getCoalescedEvents()")}} can be used from content scripts in all contexts. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What are you trying to express here?
The rule expressed in the paragraph before is a good baseline. For ease of comprehension, I suggest to leave the message simple (content scripts can access any Web APIs available to the web page. And maybe have a section elsewhere on this page describing the difference compared to the usual expectations. Then we can use that section to explain special differences... Maybe under "Content script environment"?
@@ -57,6 +57,7 @@ This article provides information about the changes in Firefox 123 that affect d | |||
## Changes for add-on developers | |||
|
|||
- Addition of fhe {{WebExtAPIRef("contextualIdentities.move")}} function enables items to be moved in the list of contextual identities. This function enables extensions to customize the order in which contextual identities display in the UI ([Firefox bug 1333395](https://bugzil.la/1333395)). | |||
- The {{domxref("PointerEvent.getCoalescedEvents()")}} method (which was restricted to use in secure contexts only in Firefox 120 ([Firefox bug 1858434](https://bugzil.la/1858434))) is now available for use by extensions in all contexts [Firefox bug 1870498](https://bugzil.la/1870498)). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
123 is not the right place.
This was a temporary regression in 120 Nightly, there has not been any change on 120 beta or release.
I think that it would be nice to call out that the restriction does not apply to extensions... Maybe under "Changes for add-on developers"?
- Although the {{domxref("PointerEvent.getCoalescedEvents()")}} has been restricted to Secure Contexts only, content scripts can continue to use this method even in documents that are not a secure context ([Firefox bug 1870498](https://bugzil.la/1870498)).
(and if we have a section in our documentation for this, maybe link to that article)
{{APIRef("Pointer Events")}} {{secureContext_header}} | ||
{{APIRef("Pointer Events")}} | ||
|
||
<div class='notecard secure'><h4>Secure context</h4><p> In web page scripts, this feature is available only in <a href='/en-US/docs/Web/Security/Secure_Contexts'>secure contexts</a> (HTTPS) in some or all <a href='#browser_compatibility'>supporting browsers</a>. In Firefox, when called from a web extension content script, this feature is available in all contexts.</p></div> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that we should have a dedicated section about Secure Contexts in content scripts, and cross-link that from https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts
It doesn't feel entirely right to offer a notable mention of the behavior in extension-specific code here. I'd like more input from other MDN curators/peers here.
@Rob--W can I confirm my understanding:
If this is correct where does Bug 1870498, the one that kicked this all off, come in? |
This pull request has merge conflicts that must be resolved before it can be merged. |
Description
This change includes: