Cross-browser and cross-manifest compatibility down to Gecko 115.

Author: hackademix

manifest.js

@@ -49,6 +49,7 @@ if (MANIFEST_VER.includes(3)) {
   json.manifest_version = 3;
   if (!isFirefox) {
     delete json.browser_specific_settings;
+    delete json.content_security_policy;
     const {scripts} = json.background;
     delete json.background.scripts;
     delete json.background.persistent;
@@ -70,15 +71,15 @@ if (MANIFEST_VER.includes(3)) {
     "webRequestFilterResponse",
     "webRequestFilterResponse.serviceWorkerScript",
   ]) {
-    permissions.delete (p);
+    permissions.delete(p);
   }
 
   const excludedScriptsRx = /\bcontent\/(?:embeddingDocument|dirindex)\.js$/;
   for (const cs of json.content_scripts) {
     cs.js = cs.js.filter(src => !excludedScriptsRx.test(src));
   }
   delete json.browser_action;
-  delete json.commands._execute_browser_action
+  delete json.commands._execute_browser_action;
 } else {
   // MV2
   json.manifest_version = 2;
@@ -92,16 +93,25 @@ if (MANIFEST_VER.includes(3)) {
     permissions.delete(p);
   }
 
-  // TODO: just scan ${MANIFEST_SRC_DIR}/nscl/mv2main/*.js
-  const mainWorldPatchers = [
-    "patchWorkers",
-    "prefetchCSSResources",
-    "WebGLHook"
-  ];
-  const mainWorldPatchersRx = new RegExp(`nscl/content/(${mainWorldPatchers.join("|")})\\b`);
-  (json.content_scripts = json.content_scripts.filter(cs => !cs.world)).forEach(cs => {
-    cs.js = cs.js.map(src => src.replace(mainWorldPatchersRx, "nscl/mv2main/$1"));
-  });
+  // Append MAIN world "*.main.js" scripts to their isolated counterparts
+  // (on Gecko we will patch windows through xray)
+  const isolatedWorldJS = json.content_scripts.find(
+    cs => cs.world != "MAIN" && cs.js?.some(src => src.endsWith("/Worlds.js"))).js;
+
+  json.content_scripts.find(cs => cs.world == "MAIN" && cs.js?.some(src => src.endsWith("/Worlds.main.js")))
+    .js.filter(src => src.endsWith(".main.js"))
+    .forEach(src => {
+      const isolatedSrc = src.replace(/.*(\/[\w+.]+)\.main(?=\.js$)/, "$1");
+      const idx = isolatedWorldJS.findIndex(src => src.endsWith(isolatedSrc));
+      if (idx > -1) {
+        isolatedWorldJS.splice(idx + 1, 0, src)
+      } else {
+        isolatedWorldJS.push(src);
+      }
+    });
+
+  // remove all the MAIN world content script
+  json.content_scripts = json.content_scripts.filter(cs => cs.world != "MAIN");
 }
 
 // remove developer-only stuff

src/bg/main.js

@@ -238,19 +238,9 @@
       } catch (e) {
         console.error(e);
       }
-      const ret = {"vintage": await Themes.isVintage()};
+      const ret = {"vintage": !!(await Themes.isVintage())};
       console.debug("Returning from getTheme", ret); // DEV_ONLY
-      return ret;
-    },
-
-    async promptHook(msg, {tabId}) {
-      const func = () => {
-        try { if (document.fullscreenElement) document.exitFullscreen(); } catch (e) {}
-      };
-      await Scripting.executeScript({
-        target: {tabId},
-        func,
-      });
+      return Promise.resolve(ret);
     },
 
     async reloadWithCredentials({tabId, remember}) {
@@ -309,7 +299,10 @@
 
     async computeChildPolicy({url, contextUrl}, sender) {
       await ns.initializing;
-      let {tab} = sender;
+      let {tab, origin} = sender;
+      if (url == sender.url && url == "about:blank") {
+        url = origin;
+      }
       let policy = ns.policy;
       const {isTorBrowser} = ns.local;
       if (!policy) {
@@ -443,7 +436,7 @@
         return seen;
       } catch (e) {
         try {
-          const {url} = (await browser.tabs.get(tabId)).url;
+          const {url} = (await browser.tabs.get(tabId));
           await include("/nscl/common/restricted.js");
           if (!isRestrictedURL(url)) {
             // probably a page where content scripts cannot run, let's open the options instead

src/content/content.js

@@ -165,7 +165,7 @@ window.addEventListener("securitypolicyviolation", async e => {
   Messages.send("violation", {url: reportUrl, type, isReport});
 }, true);
 
-if (!/^https:/.test(location.protocol)) {
+if (!/^http/.test(location.protocol)) {
   // Reporting CSP can only be injected in HTTP responses,
   // let's emulate them using mutation observers
   const checked = new Set();

src/manifest.json

@@ -5,15 +5,16 @@
   "browser_specific_settings": {
     "gecko": {
       "id":  "{73a6fe31-595d-460b-a920-fcc0f8843232}",
-      "strict_min_version": "66.0",
-      "strict_max_version": "665.0"
+      "strict_min_version": "115.0"
     },
     "gecko_android": {}
   },
   "version": "12.0.8.901",
   "description": "__MSG_Description__",
   "incognito": "spanning",
 
+  "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'none'",
+
   "icons": {
     "48": "img/icon48.png",
     "96": "img/icon96.png",
@@ -106,7 +107,6 @@
         "/nscl/common/RequestKey.js",
         "/nscl/content/DocRewriter.js",
         "/nscl/content/Worlds.js",
-        "/nscl/content/patchWindow.js",
         "/nscl/content/patchWorkers.js",
         "/nscl/content/DocumentCSP.js",
         "/nscl/content/NoscriptElements.js",
@@ -117,7 +117,6 @@
         "content/staticNS.js",
         "/nscl/content/media.js",
         "/nscl/content/WebGLHook.js",
-        "/nscl/content/promptHook.js",
         "content/embeddingDocument.js",
         "content/content.js",
         "content/dirindex.js",