
Issue 124304

Starred by 2 users

Issue metadata

Status: Assigned
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug

Blocked on:
issue 125962


Enable user opt-in requirement for content scripts in isolated apps by default

Project Member Reported by, Apr 19 2012

Issue description

Currently, an extension can apply to all sites and apps, based on the extension's manifest.  To give the user more control, we should support a list of sites and apps to which extensions do not apply, even if their manifests request otherwise.  This list would be exposed in the settings and controlled by the user, not the sites themselves.

For example, a user may want to install an extension that modifies all sites, but exclude his bank.

Note that isolated apps (issue 69335) and platform apps could be placed on this list by default, unless the user chooses otherwise.
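As an added illustration, not Chromium code and not part of this issue, here is a small JavaScript model of the policy the description proposes: the manifest's match patterns decide where a content script may run, a user-controlled exclusion list overrides them even for `<all_urls>`, and isolated-app origins are excluded by default unless the user opts them in, with the top-level frame consulted as well as the frame itself. The `isolatedAppOrigins` and `optedInOrigins` sets, the `mayInject` function and the sample URLs are constructed assumptions; Chrome's real match-pattern grammar has more corner cases than this parser handles.

```javascript
// Added example, not Chromium code: a model of the proposed policy.
// A content script may run on a page only if
//   1. one of the manifest's "matches" patterns covers the page URL,
//   2. the page is not on the user's exclusion list (which wins even when
//      the manifest asks for <all_urls>), and
//   3. neither the page nor its top-level frame is an isolated app that the
//      user has not opted in.
// isolatedAppOrigins / optedInOrigins are assumed stand-ins for browser state.

function escapeRe(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Compile a Chrome-style match pattern (<scheme>://<host><path>) to a RegExp.
function patternToRegExp(pattern) {
  if (pattern === '<all_urls>') return /^(?:https?|ftp|file):\/\/.*$/;
  const m = /^(\*|https?|ftp|file):\/\/(\*|\*\.[^\/*]+|[^\/*]+)?(\/.*)$/.exec(pattern);
  if (!m) throw new Error(`invalid match pattern: ${pattern}`);
  const [, scheme, host, path] = m;
  const schemeRe = scheme === '*' ? 'https?' : scheme;
  let hostRe;
  if (host === undefined) hostRe = '';                       // file:///path has no host
  else if (host === '*') hostRe = '[^/]*';                   // any host
  else if (host.startsWith('*.')) hostRe = '(?:[^/]+\\.)?' + escapeRe(host.slice(2)); // domain + subdomains
  else hostRe = escapeRe(host);
  const pathRe = path.split('*').map(escapeRe).join('.*');   // '*' in the path is a wildcard
  return new RegExp(`^${schemeRe}://${hostRe}${pathRe}$`);
}

// The string a match pattern is compared against: scheme, host, path and
// query; port and fragment are ignored.
function matchKey(u) {
  return `${u.protocol.slice(0, -1)}://${u.hostname}${u.pathname}${u.search}`;
}

function mayInject(policy, pageUrl, topFrameUrl = pageUrl) {
  const page = new URL(pageUrl);
  const top = new URL(topFrameUrl);
  // Isolated apps are opted out by default. Check the top-level frame as well
  // as the frame itself, so an embedded subframe cannot change the answer.
  for (const origin of [top.origin, page.origin]) {
    if (policy.isolatedAppOrigins.has(origin) && !policy.optedInOrigins.has(origin)) return false;
  }
  // The user's exclusion list overrides whatever the manifest requests.
  if (policy.userExclusions.some((p) => patternToRegExp(p).test(matchKey(page)))) return false;
  return policy.manifestMatches.some((p) => patternToRegExp(p).test(matchKey(page)));
}

// Constructed sample: an extension requesting every site, a user who excluded
// their bank, and one isolated app the user has not opted in.
const samplePolicy = {
  manifestMatches: ['<all_urls>'],
  userExclusions: ['*://*.bank.example/*'],
  isolatedAppOrigins: new Set(['https://mail.example']),
  optedInOrigins: new Set(),
};

for (const [page, top] of [
  ['https://news.example/story', undefined],
  ['https://online.bank.example/login', undefined],
  ['https://mail.example/inbox', undefined],
  ['https://ads.example/frame', 'https://mail.example/inbox'],
]) {
  console.log(page, top ? `(top frame ${top})` : '', '->', mayInject(samplePolicy, page, top));
}
```

The exclusion check runs before the manifest check on purpose: the user's list is the authority, and the manifest only ever narrows where a script runs, never widens it past that list.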

Comment 1 by, Apr 19 2012

This is going to have to go through UI team as it's a significant amount of new settings UI.

But presuming they're into it, I think it makes more sense for this to control whether extensions can run script on the page automatically.

We're planning work that will eventually result in most extensions being prevented from automatically running scripts in pages; instead users will have to click a button to execute the script. However we will have to gradually move the ecosystem over to this model. See for more on our plans here.

My proposal would be that isolated apps use this model from the beginning. The advantage here is that no configuration UI is required at all.

Comment 2 by, May 2 2012

If we can make that model (extensions cannot inject script into a page until the user clicks a button) work on isolated apps in the short term, then I agree we should go with that approach.  It avoids any complexity about presenting new UI.

Aaron, is there a way we can turn on that requirement if we know the current page is an isolated app?

Comment 3 by, May 2 2012

Besides navigation, there are also other extension APIs that could affect isolated apps (and platform apps):

- windows/tabs
- context menus
- content settings
- webRequest/webNavigation

Do we want to guarantee some level of isolation from these too?

Comment 4 by, May 2 2012

Blockedon: 125962
@creis: Yes, we could easily default isolated apps into this model. I just created bug 125962 to track the work I was talking about for opting into content scripts.

@mihaip: I think we can consider the platform app case separately. At least initially, I think everyone is in agreement we want to start conservative, and not have any extension visibility into platform apps. But that does not require a list as this bug proposes.

Comment 5 by, May 2 2012

Blockedon: -125962
Sorry, I will leave the decision of how to rejigger this bug to you all ... but my preference is:

- Disallow visibility into platform apps from extensions
- Use bug 125962 for isolated apps

See also bug 126257.  It's important to check the top-level frame to determine whether something is part of an extension/app.

Comment 7 by, May 11 2012

Blockedon: 125962
Summary: Enable user opt-in requirement for content scripts in isolated apps by default
@comment 3:
I'm not too concerned about windows/tabs APIs or context menus for isolated apps, and I think we actually want to allow webRequest and webNavigation to still work, since those are often used for privacy enhancing extensions.  Not sure about content settings, but I don't see an immediate risk for isolated apps.

Bottom line, I think issue 125962 (requiring user opt-in before running content scripts) is sufficient for isolated apps.  We'll just ensure that's enforced by default, based on the process and top-level frame.  (Thanks for the reminder, Adam.)

Comment 8 by Project Member, Mar 10 2013

Blockedon: -chromium:125962 chromium:125962
Labels: -Area-UI -Feature-Extensions Cr-Platform-Extensions Cr-UI

Comment 10 by Project Member, Jun 21 2016

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been available for more than 365 days, and should be re-evaluated. Hotlist-Recharge-Cold label is added for tracking. Please re-triage this issue.

For more details visit - Your friendly Sheriffbot
Status: Assigned (was: Untriaged)
