1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
"use strict";
Services.prefs.setBoolPref("extensions.manifestV3.enabled", true);
const server = createHttpServer({ hosts: ["example.com", "example.net"] });
server.registerDirectory("/data/", do_get_file("data"));
const HOSTS = ["http://example.com/*", "http://example.net/*"];
const { ExtensionPermissions } = ChromeUtils.importESModule(
"resource://gre/modules/ExtensionPermissions.sys.mjs"
);
function grantOptional({ extension: ext }, origins) {
return ExtensionPermissions.add(ext.id, { origins, permissions: [] }, ext);
}
function revokeOptional({ extension: ext }, origins) {
return ExtensionPermissions.remove(ext.id, { origins, permissions: [] }, ext);
}
function makeExtension(id, content_scripts) {
return ExtensionTestUtils.loadExtension({
manifest: {
manifest_version: 3,
browser_specific_settings: { gecko: { id } },
content_scripts,
permissions: ["scripting"],
host_permissions: HOSTS,
},
files: {
"cs.js"() {
browser.test.log(`${browser.runtime.id} script on ${location.host}`);
browser.test.sendMessage(`${browser.runtime.id}_on_${location.host}`);
},
},
background() {
browser.test.onMessage.addListener(async (msg, origins) => {
browser.test.log(`${browser.runtime.id} registering content scripts`);
await browser.scripting.registerContentScripts([
{
id: "cs1",
persistAcrossSessions: false,
matches: origins,
js: ["cs.js"],
},
]);
browser.test.sendMessage("done");
});
},
});
}
// Test that content scripts in MV3 enforce origin permissions.
// Test granted optional permissions are available in newly spawned processes.
add_task(async function test_contentscript_mv3_permissions() {
// Alpha lists content scripts in the manifest.
let alpha = makeExtension("alpha@test", [{ matches: HOSTS, js: ["cs.js"] }]);
let beta = makeExtension("beta@test");
await grantOptional(alpha, HOSTS);
await grantOptional(beta, ["http://example.net/*"]);
info("Granted initial permissions for both.");
await alpha.startup();
await beta.startup();
// Beta registers same content scripts using the scripting api.
beta.sendMessage("register", HOSTS);
await beta.awaitMessage("done");
// Only Alpha has origin permissions for example.com.
{
let page = await ExtensionTestUtils.loadContentPage(
`http://example.com/data/file_sample.html`
);
info("Loaded a page from example.com.");
await alpha.awaitMessage("alpha@test_on_example.com");
info("Got a message from alpha@test on example.com.");
await page.close();
}
await revokeOptional(alpha, ["http://example.net/*"]);
info("Revoked example.net permissions from Alpha.");
// Now only Beta has origin permissions for example.net.
{
let page = await ExtensionTestUtils.loadContentPage(
`http://example.net/data/file_sample.html`
);
info("Loaded a page from example.net.");
await beta.awaitMessage("beta@test_on_example.net");
info("Got a message from beta@test on example.net.");
await page.close();
}
info("Done, unloading Alpha and Beta.");
await beta.unload();
await alpha.unload();
});
|
