Chrome 111: chrome.runtime is now undefined in content scripts
810 views
Skip to first unread message
William Alford
Mar 7, 2023, 6:31:44 PM3/7/23
to Chromium Extensions
Hello.
I have an MV3 extension that used to work on previous versions of chrome/chromium but stopped working since 111.
The script was declared as such in the manifest
content_scripts: [
{
matches: domains,
css: [],
run_at: "document_start",
js: ["dist/main.js"],
world: "MAIN"
}
]
{
matches: domains,
css: [],
run_at: "document_start",
js: ["dist/main.js"],
world: "MAIN"
}
]
It used the chrome.runtime API to exchange message with a background script as described in https://developer.chrome.com/docs/extensions/mv3/messaging/ but something changed and isn't described in https://developer.chrome.com/docs/extensions/whatsnew/
Now the chrome object only contains regular properties like loadTimes and csi.
Was this a bug fix and not intended in the first place?
Kind Regards,
Jackie Han
Mar 7, 2023, 7:05:09 PM3/7/23
to William Alford, Chromium Extensions
It was announced in this forum: chrome.runtime will no longer be defined unconditionally in Chrome 106
--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/7ade8466-1847-4969-830c-67b83df824b1n%40chromium.org.
wOxxOm
Mar 7, 2023, 10:33:38 PM3/7/23
to Chromium Extensions, Jackie Han, Chromium Extensions, William Alford
Your script runs in the MAIN world, so it's not really a content script, it's a page script. The documentation doesn't explain what it means:
- no access to the `chrome` API exposed only to the content scripts that run in the default ISOLATED world
- same JS world as the web page makes your data and code open to eavesdropping, spoofing, hijacking via the global objects and prototypes like Object, Array, Function even at document_start thanks to https://crbug.com/1261964
Generally you should avoid using the MAIN world unless you really need to access a JS variable defined in the web page, in which case make a separate small script that extracts this data or calls some API of the page, then use CustomEvent with a unique event id to communicate with your main content script, which runs in the default ISOLATED world. Don't use window.postMessage as your message may break the site's logic.
If safety is not a concern you can force exposure of chrome.runtime.sendMessage in your MAIN page script by adding externally_connectable to manifest.json. When using sendMessage you'll need to specify the extension's id because as explained above your script is not a part of the extension.
William Alford
Mar 8, 2023, 2:34:38 PM3/8/23
to Chromium Extensions, wOxxOm, Jackie Han, Chromium Extensions, William Alford
I see, still weird that it worked up to Chrome 110 so I guess this really was unintentional.
Switching to ISOLATED did the trick, thanks.
Switching to ISOLATED did the trick, thanks.
wOxxOm
Mar 8, 2023, 2:41:32 PM3/8/23
to Chromium Extensions, William Alford, wOxxOm, Jackie Han, Chromium Extensions
Chrome 111 has implemented the support for "world" in manifest.json. In older versions it was simply ignored.
Reply all
Reply to author
Forward
0 new messages