felixfoertsch/webextensions-examples
1
0
Fork 0
mirror of https://github.com/mdn/webextensions-examples.git synced 2026-04-17 23:08:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

Prevent chrome API access (#583)

Browse Source 
`chrome.runtime.connect` & `chrome.runtime.sendMessage` are still accessible to userscripts.
This commit is contained in:
erosman
2025-05-09 20:56:50 +03:30
committed by GitHub
parent 6977b6b240
commit 7e52f30052
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
userScripts-mv3/userscript_api.js
View File

@@ -18,6 +18,7 @@ globalThis.initCustomAPIForUserScripts = grants => {
// Clear access to privileged API to prevent userscripts from communicating // Clear access to privileged API to prevent userscripts from communicating
// to the privileged backend. // to the privileged backend.
globalThis.browser = undefined; globalThis.browser = undefined;
globalThis.chrome = undefined;
if (grants.includes("GM_info")) { if (grants.includes("GM_info")) {
// Example of an API that retrieves information: // Example of an API that retrieves information: