New issue
Advanced search Search tips

Issue 868505 link

Starred by 2 users
Status: WontFix
Owner:
rdevlin....@chromium.org
Closed: Aug 22
Cc:
jawag@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 1
Type: Bug



Sign in to add a comment

Extensions Click-to-Script: Clicking "reload page" bubble grants page access to all extensions that need page reload to run

Project Member Reported by jawag@chromium.org, Jul 27 
Chrome Version: 70.0.3504.0 (Official Build) canary (64-bit) (cohort: Clang-64)
OS: Win10

What steps will reproduce the problem?
(1) Install two extensions with all hosts permission
(2) Set both extensions to "run on click"
(3) Navigate to a new page that both extensions want to run on
(4) Click one extension icon
(5) Click "reload" button when the bubble appears

What is the expected result?
The extension that you clicked should get access to the page, but the other shouldn't.

What happens instead?
Both extensions get access to the page.

Screencast: https://screencast.googleplex.com/cast/NDgzMTg0NjE1MjAxMTc3Nnw0MTE0MGRlMi0xZg

Comment 1 by rdevlin....@chromium.org, Jul 27

Cc: -rdevlin....@chromium.org
Owner: rdevlin....@chromium.org
Status: Assigned (was: Untriaged)

Comment 2 by jawag@chromium.org, Jul 30

Labels: Proj-Crx-Cts

Comment 3 by rdevlin....@chromium.org, Aug 22

Cc: jawag@chromium.org
Hmm... I don't think this is exactly what's happening.  Toby doesn't inject content scripts or use the webRequest API, and only conditionally injects scripts into the page (under which conditions, I don't know).  nytimes.com seems to intermittently be a site it tries to inject into, so I think what happened was on the first visit, it wanted to run, and on the second, it didn't.  I can see this same behavior with Toby by just refreshing nytimes.com a few times.  So we're not granting any permissions, it just doesn't want to run there anymore.  Can you see if that's the case for you as well?

Comment 4 by jawag@chromium.org, Aug 22 

Interesting! Thanks for looking into it. I can't get the run indicator to go away by simply refreshing the page - I tried at least 7 times.

That said, I can't reproduce the original issue any more. Now I can successfully grant access to 1 extension via the refresh bubble, and the Toby extension remains in the "wants to run" state after refresh.

So unless you have other concerns, I think we can just close this as WAI.

Comment 5 by rdevlin....@chromium.org, Aug 22

Status: WontFix (was: Assigned)
I think unless we find new evidence of this, we should close it out.  But let's be on the lookout.

Thanks for filing it!

Sign in to add a comment