Standardize Firefox exportFunction() and cloneInto()
#75
Comments
|
Some context: #57 (comment) |
xeenon
changed the title
exportFunction() and cloneInto()
|
Documentations on The current Firefox documentation on these APIs are quite a mess. Its documentations are very out-of-date, some of them are only available via google search cache. Existing documentations are based on providing examples, not on rigorous specification. It is also based on very ad-hoc concepts; xray vision will see properties of DOM objects un-altered, but except for It is a permission-based API, which means an innocuous-looking code can suddenly throw errors in runtime, in contrast to your friendly cross-origin errors, which are only thrown during only a few distinguished API calls. It seems that it is not possible to statically analyze a codebase for possibilities of such errors. Therefore, the current status of this API is inherently developer-hostile. It 'works' for exposing simple callback functions to pages, but if you try to build anything marginally more complex, you will quickly fall into a maze of cryptic errors. I expect that there will be very few people who understands this API through the end. It even feels that Mozilla would want to phase out these APIs eventually. Some deficiencies of the current API that I'd like to see addressed:
|
Firefox offers two functions that enable functionality and/or objects present in a content script to be exposed in a controlled fashion to a webpage.
This mechanism keeps the security separation between the webpage and content script, while allowing webpages to access functionality defined in a web extension.
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Sharing_objects_with_page_scripts#exportfunction
Standardise this (or a suitable variation) for all browsers.
The text was updated successfully, but these errors were encountered: