I would like to clarify if chrome sidePanel is working in "isolated world" mode as content-script by default does
54 views
Skip to first unread message
Fedir Trehubov
Jul 12, 2024, 11:36:12 AM (4 days ago) Jul 12
to Chromium Extensions
Hi!
I've built the chrome extension using content-scripts, service-worker and side panel.
Currently, I am going to integrate sentry to monitor errors and set up some metrics.
Currently, I am going to integrate sentry to monitor errors and set up some metrics.
In their documentation, https://docs.sentry.io/platforms/javascript/best-practices/shared-environments/, I found, that initialising Sentry in its default way (Sentry.init()), I could produce lacking data into the web page scope and at the same time capture web page errors. For sure, I would prefer to avoid such a behaviour.
Therefore I would like to clarify if chrome sidePanel is working in "isolated world" mode as content-script by default does, so no lacking of data is expected. For more information check sentry issue https://github.com/getsentry/sentry-javascript/issues/10632.
Best regards
woxxom
Jul 12, 2024, 4:08:38 PM (3 days ago) Jul 12
to Chromium Extensions, Fedir Trehubov
Assuming you use chrome.sidePanel API, the URL of page is chrome-extension://id/foo.html, which means it runs inside the separate OS process for this extension, i.e. it's an actual isolation. The content scripts aren't physically isolated, they run in the OS process of the website, there's just a thin membrane in V8 that can be pierced via side-channel attacks from JS.
Fedir Trehubov
Jul 13, 2024, 10:48:28 AM (3 days ago) Jul 13
to Chromium Extensions, woxxom, Fedir Trehubov
Thanks for the short and precise clarification! 🙌
Have a nice weekend!
Reply all
Reply to author
Forward
0 new messages