This threadsafe core type also acts as a weak reference to the main-thread
WebExtensionPolicy when needed. This will be used when information about a
WebExtension is needed to be accessible off-main-thread in the future.
Differential Revision: https://phabricator.services.mozilla.com/D158879
This also involves making MatchGlob operate on UTF8String instead of DOMString,
as the rust `regex` crate operates on utf-8 strings. This should have no
functional impact on callers.
Differential Revision: https://phabricator.services.mozilla.com/D158877
Now that all fields and methods in WebAccessibleResource have been made
threadsafe, we can make the type itself be threadsafe.
Differential Revision: https://phabricator.services.mozilla.com/D158885
In order to make WebAccessibleResource threadsafe, as well as other places, it
needs to be possible to look up a `WebExtensionPolicyCore` from any thread.
This is handled by using a static method on the ExtensionPolicyService for this
task, and keeping a seperate mutex-guarded static table under the hood.
Theoretically the table within `ExtensionPolicyService()` could also be
removed, however I held off on doing that in case it would have a negative
performance impact to take extra locks and follow extra pointers.
Differential Revision: https://phabricator.services.mozilla.com/D158884
Similar to MatchGlob, this is fairly straightforward, but is complicated
slightly by `MatchPatternSet`, which allows being destructured into the
contained `MatchPattern` instances in a `[Constant]` method. To handle this a
cache is added for the wrappers in the cycle-collected `MatchPatternSet`.
Differential Revision: https://phabricator.services.mozilla.com/D158883
This threadsafe core type also acts as a weak reference to the main-thread
WebExtensionPolicy when needed. This will be used when information about a
WebExtension is needed to be accessible off-main-thread in the future.
Differential Revision: https://phabricator.services.mozilla.com/D158879
This also involves making MatchGlob operate on UTF8String instead of DOMString,
as the rust `regex` crate operates on utf-8 strings. This should have no
functional impact on callers.
Differential Revision: https://phabricator.services.mozilla.com/D158877
object-src used to be required because it controls plugins, and we did
not want to load unsafe sources as plugins. With NPAPI plugin support
having been dropped a long time ago, this reason no longer exist.
The requirement for "secure" object-src CSP directive meant that
extensions had to specify a boilerplate object-src if they wanted to
modify script-src.
This patch removes the object-src requirement from extension CSP,
which simplifies the usage and learning curve of CSP usage in
extensions.
With this change, extensions can now load "unsafe" (remote) content
via `<embed>` and `<object>` tags. This relaxation does not reduce
the security because this was already possible with `<iframe>` tags.
Differential Revision: https://phabricator.services.mozilla.com/D156747
This patch adds a new `temporarilyInstalled` property to the WebExtensionPolicy object, set to
the value of the same property from a Extension.jsm perspective.
The new property is being introduced mainly to be used in a patch that follows to allow the
ServiceWorkerManager internals to access that from the C++ layer (but it may be also
become a useful knowledge for other C++ components in the future).
Differential Revision: https://phabricator.services.mozilla.com/D119529
This patch implements support for the manifest V3 matches property
which limits what hosts may load an extensions web_accessible_resources.
Differential Revision: https://phabricator.services.mozilla.com/D107746
This is the initial level of support for MV3 web_accessible_resources, which simply moves the
resource list into an object notation. It lays out the framework to support the additional functionality
that will be implemented in followup bugs.
Differential Revision: https://phabricator.services.mozilla.com/D107310
Implement manifest v3 CSP that is compatible with the current chrome implementation.
Support for content_security_policy.isolated_world (a.k.a. content_security_policy.content_scripts)
has been removed for consistency with
345390adf6%5E%21/
Differential Revision: https://phabricator.services.mozilla.com/D100573
