Comments (4)
I think I'm going to implement the messaging primitive first, as a separate module that exports sendMessage()
and onMessage()
(usable in both the content script and unsafe script).
The implementation will probably be based on pixiebrix/pixiebrix-extension#1019 or what was discussed within it.
This is because, as that PR shows, there's no straight-forward way to send messages to the other side, so it would be easier to "polyfill" the sendMessage
/onMessage
API and then just use that as a medium, rather than attempting RPC-style calls without a solid messaging base.
from webext-messenger.
Thinking out loud here.
Let's say we have a handler in a content script; How do we reach it?
- from the background:
{tabId, frameId}
- from the dev tools:
"contentScript"
(one and only) - from the sidebar:
"contentScript"
or{tabId, frameId, context: "contentScript"}
- from the unsafe context:
{extensionId, context: "contentScript"}
I think getContentScriptMethod
is currently flexible enough to allow this at the call site, for example:
Here, the method exported by contentScript/api.ts
could be called as:
// From the background
setPageTitle({tab: 1, frame: 0}, 'New title');
// From dev tools
setPageTitle({}, 'New title');
// From the sidebar
setPageTitle({}, 'New title');
// From the unsafe context
setPageTitle({extensionId: "mlhlldlpep22445"}, 'New title');
The contexts 2 and 3 don't look great, but they're ok.
For the background page, I think the extension ID can be specified while creating the method, only if it's meant to be accessible from the unsafe context. So this line:
Would just become, for example:
export const sum = getMethod("sum", "mlhlldlpep22445");
And that would be the signal that the method can also be used from the unsafe context, without having to alter the method’s signature.
from webext-messenger.
Would just become, for example
I think that approach looks pretty good. Let's give it a try
Other things we might consider for "unsafe"/external:
- We could consider supporting an "allowlist" of external contexts that are allowed to send messages. (The user would opt-in to communication from certain sites)
- We could consider supporting a way for an external context to send a special "request message" privileges (or something similar) that the extension can then use to prompt for the allowlist. I would imagine handlers would be inaccessible from the external context by default, but could opt-in to certain handlers accepting messages from external senders not on the allowlist
from webext-messenger.
Just for context, some code for this now exists at https://github.com/pixiebrix/pixiebrix-extension/blob/7ee1e1292db066b074818089944020418ca18dee/src/utils/postMessage.ts#L1
from webext-messenger.
Related Issues (20)
- Remove branch protection from repo HOT 1
- Handle repeated injection gracefully HOT 6
- Drop `webextensions-polyfill` to avoid unnecessary abstraction
- Toggle WEBEXT_LOGGING at runtime
- Dispatch retries event and retry-exhaustion event
- Do not retry discarded tabs, return specific error
- Use `browser.runtime.getFrameId()` HOT 1
- Update Parcel
- Track timing HOT 2
- Immediately handle context invalidation, disabling further messaging
- Accept `Promise<Target>`
- Support `allFrames` as target
- Ensure sequence numbers are never reused HOT 2
- Error: Tabs cannot be edited right now (user may be dragging a tab).
- `retry: false` not respected when forwarding
- Add `extractTargetFromSender`
- Unwanted forwarding when targeting `allFrames` HOT 2
- Fail when trace.length > 2 HOT 2
- Meta: update parcel to 2.12+
- Preserve seq number when forwarding
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from webext-messenger.