[Webkit-unassigned] [Bug 270218] New: Content Scripts running in subframe without mainframe permission fail to work properly

Wed Feb 28 01:57:14 PST 2024

https://bugs.webkit.org/show_bug.cgi?id=270218

            Bug ID: 270218
           Summary: Content Scripts running in subframe without mainframe
                    permission fail to work properly
           Product: WebKit
           Version: Safari 17
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Extensions
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: carlosj-webkit-bugzilla at jeurissen.co
                CC: timothy at apple.com, webkit-bug-importer at group.apple.com

Scenario:
The extension injects a content script into https://subframe.example.com/ with allFrames set to true.

https://mainframe.example.com/ loads https://subframe.example.com/ into an iframe.

The extension has no host permissions and runs no content scripts on https://mainframe.example.com/

Result:
The content script gets injected properly into https://subframe.example.com/, however it's storage and messaging api calls never resolve. They stay indefinitely pending.

The content script should just have proper access to these APIs in this scenario.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20240228/665ba0fa/attachment.htm>