-
-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
verify upcoming CSP/Manifest v3 changes #270
Comments
Thanks for the links, that's very interesting, I will study it. |
I need to study it more but it seems the changes related to remote code execution are:
If that's so, we're not affected because that's not what we're doing. For CEDICT to be working we need to be able to do two things:
With our iframe model we do not execute any code, we're just sending a message. Moreover, the iframe is inserted into a page and thus is outside of the content script realm and thus it shall not be a subject of content script restrictions. So we may be good, to the best of my understanding, but I will try to test it ASAP. |
ok, thanks! |
See https://blog.mozilla.org/addons/2019/12/12/test-the-new-csp-for-content-scripts/?utm_source=newsletter&utm_medium=email&utm_campaign=2019-dec-about-addons
@kirlat i'm assigning this to you because I'm a little worried about the upcoming restriction on remotely hosted code and how that does or doesn't impact the architecture for the cedict service. It would be good to know asap if it will be impacted by this upcoming change.
The text was updated successfully, but these errors were encountered: