Variable named 'browser' collides with browser namespace in extension content scripts
Reported by
varjolin...@gmail.com,
Jul 20
|
||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:61.0) Gecko/20100101 Firefox/61.0 Steps to reproduce the problem: 1. Download KeePassXC-Browser from Chrome Web Store (or any other extension which uses browser-polyfill to use the browser namespace in content scripts) 2. Go to https://jsfiddle.net/y2eb1t44/7/ and inspect the page 3. See the error message 'Uncaught TypeError: Cannot read property 'onMessage' of undefined' in the console. What is the expected behavior? Using JavaScript via browser namespace should work normally. What went wrong? Any variable in content script named 'browser' will collide with browser namespace. Any element with id 'browser' will show this behaviour. Did this work before? No Chrome version: <Copy from: 'about:version'> Channel: n/a OS Version: OS X 10.13 Flash Version:
,
Jul 20
Tentatively assigning to the Extensions component because this sounds like it's about improper isolation between page content and extensions.
,
Jul 21
Am I correct that this improper isolation could be potentially dangerous? In theory it could be possible to override the whole browser.runtime and capture any data that is being sent via sendMessage() etc.
,
Jul 21
It's simply a bug in the Mozilla's polyfill: it checks for 'undefined' which is incorrect because DOM elements with an id create implicit global variables. This is probably a known bug, which is not trivial to fix, as it's hard to imagine they could overlook something so simple. There is no leaking, the content script's object is inaccessible for the page scripts.
,
Jul 21
Why does Chromium create such implicit global variables and allows content scripts to use them? This cannot be reproduced with non-Chromium browsers.
,
Jul 21
All standards-compliant browsers create implicit global variables for DOM elements with an id attribute, including Firefox. This is the correct behavior inherited from some ancient browser. The only reason why this specific bug isn't triggered in Firefox is because Firefox has a built-in window.browser variable which overrides the implicit one.
,
Jul 21
Thank you for the explanation. I'll make an issue to the webextension-polyfill project.
,
Jul 24
Able to reproduce this issue on latest stable 67.0.3396.99 and latest canary 70.0.3501.0 using Windows 10, Mac 10.13.6 and Debian. i.e; Obsderved 'Uncaught TypeError: Cannot read property 'onMessage' of undefined' in the console This issue is seen from M-60. Hence considering this issue as Non-Regression and marking as Untriaged for MAc/Linux/Windows. @ varjolintuvarjo: Could you please provide app url to test this issue on android.
,
Jul 25
@chelamcherla: I'm sorry but I don't have an Android device and I'm not sure what is needed here. Is a test extension published in Chrome Web Store enough?
,
Jul 27
As discussed in the comments, this is an issue in the polyfill provided, not in chrome. Closing this out. |
||||
►
Sign in to add a comment |
||||
Comment 1 by varjolin...@gmail.com
, Jul 20