1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
|
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
interface URI;
interface WindowProxy;
callback WebExtensionLocalizeCallback = DOMString (DOMString unlocalizedText);
/**
* Defines the platform-level policies for a WebExtension, including its
* permissions and the characteristics of its moz-extension: URLs.
*/
[ChromeOnly, Exposed=Window]
interface WebExtensionPolicy {
[Throws]
constructor(WebExtensionInit options);
/**
* The add-on's internal ID, as specified in its manifest.json file or its
* XPI signature.
*/
[Constant, StoreInSlot]
readonly attribute DOMString id;
/**
* The hostname part of the extension's moz-extension: URLs. This value is
* generated randomly at install time.
*/
[Constant, StoreInSlot]
readonly attribute ByteString mozExtensionHostname;
/**
* The file: or jar: URL to use for the base of the extension's
* moz-extension: URL root.
*/
[Constant]
readonly attribute ByteString baseURL;
/**
* The extension's user-visible name.
*/
[Constant]
readonly attribute DOMString name;
/**
* The add-on's internal type as determined by parsing the manifest.json file.
*/
[Constant]
readonly attribute DOMString type;
/**
* Whether the extension has access to privileged features
*/
[Constant]
readonly attribute boolean isPrivileged;
/**
* Whether the extension is installed temporarily
*/
[Constant]
readonly attribute boolean temporarilyInstalled;
/**
* The manifest version in use by the extension.
*/
[Constant]
readonly attribute unsigned long manifestVersion;
/**
* The base content security policy string to apply on extension
* pages for this extension. The baseCSP is specific to the
* manifest version. If the manifest version is 3 or higher it
* is also applied to content scripts.
*/
[Constant]
readonly attribute DOMString baseCSP;
/**
* The content security policy string to apply to all pages loaded from the
* extension's moz-extension: protocol. If one is not provided by the
* extension the default value from preferences is used.
* See extensions.webextensions.default-content-security-policy.
*/
[Constant]
readonly attribute DOMString extensionPageCSP;
/**
* The list of currently-active permissions for the extension, as specified
* in its manifest.json file. May be updated to reflect changes in the
* extension's optional permissions.
*/
[Cached, Frozen, Pure]
attribute sequence<DOMString> permissions;
/**
* Match patterns for the set of web origins to which the extension is
* currently allowed access. May be updated to reflect changes in the
* extension's optional permissions.
*/
[Pure]
attribute MatchPatternSet allowedOrigins;
/**
* The set of content scripts active for this extension.
*/
[Cached, Frozen, Pure]
readonly attribute sequence<WebExtensionContentScript> contentScripts;
/**
* True if the extension is currently active, false otherwise. When active,
* the extension's moz-extension: protocol will point to the given baseURI,
* and the set of policies for this object will be active for its ID.
*
* Only one extension policy with a given ID or hostname may be active at a
* time. Attempting to activate a policy while a conflicting policy is
* active will raise an error.
*/
[Affects=Everything, SetterThrows]
attribute boolean active;
/**
* True if this extension is exempt from quarantine.
*/
[Cached, Pure]
attribute boolean ignoreQuarantine;
/**
* True if both e10s and webextensions.remote are enabled. This must be
* used instead of checking the remote pref directly since remote extensions
* require both to be enabled.
*/
static readonly attribute boolean useRemoteWebExtensions;
/**
* True if the calling process is an extension process.
*/
static readonly attribute boolean isExtensionProcess;
/**
* Whether the background.service_worker in the extension manifest.json file
* is enabled.
*
* NOTE: **do not use Services.prefs to retrieve the value of the undelying pref**
*
* It is defined in StaticPrefList.yaml as `mirror: once` and so checking
* its current value using Services.prefs doesn't guarantee that it does
* match the value as accessible from the C++ layers, and unexpected issue
* may be possible if different code has a different idea of its value.
*/
static readonly attribute boolean backgroundServiceWorkerEnabled;
/**
* Whether the Quarantined Domains feature is enabled. Use this as a single
* source of truth instead of checking extensions.QuarantinedDomains.enabled
* pref directly because the logic might change.
*/
static readonly attribute boolean quarantinedDomainsEnabled;
/**
* Set based on the manifest.incognito value:
* If "spanning" or "split" will be true.
* If "not_allowed" will be false.
*/
[Pure]
readonly attribute boolean privateBrowsingAllowed;
/**
* Returns true if the extension can access a window. Access is
* determined by matching the windows private browsing context
* with privateBrowsingMode. This does not, and is not meant to
* handle specific differences between spanning and split mode.
*/
[Affects=Nothing]
boolean canAccessWindow(WindowProxy window);
/**
* Returns true if the extension has cross-origin access to the given URI.
*/
boolean canAccessURI(URI uri, optional boolean explicit = false);
/**
* Returns true if the extension currently has the given permission.
*/
boolean hasPermission(DOMString permission);
/**
* Returns true if the domain is on the Quarantined Domains list.
*/
static boolean isQuarantinedURI(URI uri);
/**
* Returns true if this extension is quarantined from the URI.
*/
boolean quarantinedFromURI(URI uri);
/**
* Returns true if the given path relative to the extension's moz-extension:
* URL root is listed as a web accessible path. Access checks on a path, such
* as performed in nsScriptSecurityManager, use sourceMayAccessPath below.
*/
boolean isWebAccessiblePath(UTF8String pathname);
/**
* Returns true if the given path relative to the extension's moz-extension:
* URL root may be accessed by web content at sourceURI. For Manifest V2,
* sourceURI is ignored and the path must merely be listed as web accessible.
*/
boolean sourceMayAccessPath(URI sourceURI, UTF8String pathname);
/**
* Replaces localization placeholders in the given string with localized
* text from the extension's currently active locale.
*/
DOMString localize(DOMString unlocalizedText);
/**
* Returns the moz-extension: URL for the given path.
*/
[Throws]
DOMString getURL(optional DOMString path = "");
/**
* Register a new content script programmatically.
*/
[Throws]
undefined registerContentScript(WebExtensionContentScript script);
/**
* Unregister a content script.
*/
[Throws]
undefined unregisterContentScript(WebExtensionContentScript script);
/**
* Injects the extension's content script into all existing matching windows.
*/
[Throws]
undefined injectContentScripts();
/**
* Returns the list of currently active extension policies.
*/
static sequence<WebExtensionPolicy> getActiveExtensions();
/**
* Returns the currently-active policy for the extension with the given ID,
* or null if no policy is active for that ID.
*/
static WebExtensionPolicy? getByID(DOMString id);
/**
* Returns the currently-active policy for the extension with the given
* moz-extension: hostname, or null if no policy is active for that
* hostname.
*/
static WebExtensionPolicy? getByHostname(ByteString hostname);
/**
* Returns the currently-active policy for the extension extension URI, or
* null if the URI is not an extension URI, or no policy is currently active
* for it.
*/
static WebExtensionPolicy? getByURI(URI uri);
/**
* Returns true if the URI is restricted for any extension.
*/
static boolean isRestrictedURI(URI uri);
/**
* When present, the extension is not yet ready to load URLs. In that case,
* this policy object is a stub, and the attribute contains a promise which
* resolves to a new, non-stub policy object when the extension is ready.
*
* This may be used to delay operations, such as loading extension pages,
* which depend on extensions being fully initialized.
*
* Note: This will always be either a Promise<WebExtensionPolicy?> or null,
* but the WebIDL grammar does not allow us to specify a nullable Promise
* type.
*
* Note: This could resolve to null when the startup was interrupted.
*/
readonly attribute object? readyPromise;
/**
* Returns true if the given worker script URL matches the background
* service worker url declared in the extension manifest.json file.
*/
boolean isManifestBackgroundWorker(DOMString workerURL);
/**
* Get the unique BrowsingContextGroup ID which will be used for toplevel
* page loads from this extension.
*
* This method will raise an exception if called from outside of the parent
* process, or if the extension is inactive.
*/
[Throws]
readonly attribute unsigned long long browsingContextGroupId;
};
dictionary WebAccessibleResourceInit {
required sequence<MatchGlobOrString> resources;
MatchPatternSetOrStringSequence? matches = null;
sequence<DOMString>? extension_ids = null;
};
dictionary WebExtensionInit {
required DOMString id;
required ByteString mozExtensionHostname;
required DOMString baseURL;
DOMString name = "";
DOMString type = "";
boolean isPrivileged = false;
boolean ignoreQuarantine = false;
boolean temporarilyInstalled = false;
required WebExtensionLocalizeCallback localizeCallback;
required MatchPatternSetOrStringSequence allowedOrigins;
sequence<DOMString> permissions = [];
sequence<WebAccessibleResourceInit> webAccessibleResources = [];
sequence<WebExtensionContentScriptInit> contentScripts = [];
// The use of a content script csp is determined by the manifest version.
unsigned long manifestVersion = 2;
DOMString? extensionPageCSP = null;
sequence<DOMString>? backgroundScripts = null;
DOMString? backgroundWorkerScript = null;
// Whether the background scripts should be loaded as ES modules.
boolean backgroundTypeModule = false;
Promise<WebExtensionPolicy?> readyPromise;
};
|