activeTab manifest v3 doesn't work for my double click menu
2,204 views
Skip to first unread message
Stefan vd
Feb 28, 2019, 1:14:53 PM2/28/19
to Chromium Extensions
Hi there,
It is the developer of the most popular Turn Off the Lights Chrome extension. And on the Manifest V3 document, it said that my Chrome extension should use the activeTab permission.
I agree to the limit the permissions. However, I can not use the activeTab permission is too limit because this breaks my own double click menu (when you click double on the gray lamp button, you see a new popup window to customize this dark layer). And the activeTab permission will not detect the current tab tab.url. It shows just the result = undefined.
chrome.tabs.onHighlighted.addListener(function(o) { tabId = o.tabIds[0];
chrome.tabs.get(tabId, function(tab) {
if(tab.url){
console.log("yes " + tab.url);
}else{
console.log("no " + tab.url);
}
});
});
When I use the Tabs permission, this feature works well.
Also, other FAIL when I use the activeTab permission:
- to dim automatically the page when the user clicks on the play button (it show an error in the background page).
- the Eye protection feature, that adds a dark layer on all the open tab pages.
- the AutoStop feature, to stop those automatically playing HTML5 videos.
- Camera Motion feature.
- Speech Recognition feature.
If you know another idea/suggestions to get this information with the activeTab permission (<- to get the double click working). Please let me know.
Thanks,
Stefan
Simeon Vincent
Feb 28, 2019, 11:29:34 PM2/28/19
to Chromium Extensions
Hey Stefan,
The "activeTab" permission requires the user to take affirmative action such as clicking the browser action in order to grant temporary host permissions. Unfortunately temporary permissions don't seem to play nicely with tabs properties onHighlighted and onActivated. I'll have to check in with the team tomorrow to see if that's intentional.
In the mean time it's still possible to detect page visibility changes with message passing & the page visibility API.
chrome.runtime.onMessage.addListener(function(request, sender, sendResponse) {
console.log({
hidden: request.hidden,
url: sender.tab.url,
});
});
chrome.browserAction.onClicked.addListener(function() {
chrome.tabs.executeScript({
code: `
function handleVisibilityChange() {
chrome.runtime.sendMessage({hidden: document.hidden});
}
document.addEventListener('visibilitychange', handleVisibilityChange, false);
`
});
});
The "tabs" permission is a bit weird as it's simply gives your extension access to the url, title, and favIconUrl properties of Tab. The rest of the functionality of the tabs API doesn't require this permission.
Right now the best way to do things like add custom UI to the page or detect when the user clicks play on a video is to declare a content script in the manifest & have it be injected on matching hosts hosts. The activeTab approach has you injecting your content script with chrome.tabs.executeScript() in response to user action like clicking the browser action or selecting your extension from the context menu. This works for some extensions, but it's more limited than we'd like. More to come on this front.
Simeon
Chrome Developer Advocate
Stefan vd
Mar 1, 2019, 5:28:06 AM3/1/19
to Chromium Extensions
Hi Simeon,
Thank you for your reply!
I am currently testing my new Chrome extension version, and I found the solution for my double click menu with the activeTab permission.
The "tabs" permission is a bit weird as it's simply gives your extension access to the url, title, and favIconUrl properties of Tab. The rest of the functionality of the tabs API doesn't require this permission.
For example, my AutoPlay feature (dim automatically the page when the user clicks on the play button) that send automatically a message to the background script. And from the background script that sends the correct file to sender.tab. However, that fails when I use the activeTab permission.
Also, I need to detect the current URL so that the feature can only work on for example on the youtube.com website.
Thanks,
Stefan
Simeon Vincent
Mar 1, 2019, 9:04:56 PM3/1/19
to Chromium Extensions
Let's take a step back. What are you trying to accomplish by using activeTab? Are you trying to replace "tabs" with "activeTab" or something else?
Simeon – @dotproto
Extensions Developer Advocate
Stefan vd
Mar 2, 2019, 5:41:28 AM3/2/19
to Chromium Extensions
Hi Simeon,
Currently the Turn Off the Lights Chrome extension is using the "tabs", "<all_urls>" permissions. And Google suggested on the Manifest V3 document that this Chrome extension should use the "activeTab" permission.
My goal with the new extension version is to get everything working with the "activeTab" permission.
Simeon Vincent
Mar 4, 2019, 7:24:27 PM3/4/19
to Chromium Extensions
Ah, okay. The "<all_urls>" permission allows you to modify all hosts and "tabs" gives you passive access to tab.url.
"activeTab" is a fundamentally different. With this permission, your extension will only receive temporary permissions when the user performs an action like clicking the browserAction or selecting a context menu entry for your extension. The intent is that the user is explicitly giving your extension permission to act on their behalf at specific times.
One of the drawbacks to the activeTab approach is that UI injected via content scripts declared in your manifest probably won't work correctly. It sounds like several of the content scripts in your extension assume they always have the "tabs" or "<all_urls>" permissions. In an activeTab world you won't get those permissions until the user explicitly invokes your extension. If possible, I'd recommend injecting content scripts in response to a chrome.browserAction.onClicked event. This will ensure that the content scripts have the permissions they expect when the user clicks them.
As a final note, if you remove "<all_urls>" but still have content scripts with a "matches" rule of ["http://*/*", "https://*/*"], your extension will still display a warning during install stating that it can "Read and change all your data on the websites you visit."
Stefan vd
Mar 5, 2019, 5:31:23 AM3/5/19
to Chromium Extensions
Hi Simeon,
Thank you for your explanation about the "activeTab" permission.
But it is a bad user experience (UX) for my user if they always need to click on the browserAction button, to get this content script to work on the current web page.
For example, in the Turn Off the Lights Chrome extension there is a feature to dims the web page and highlight the video player when the user clicks on the HTML5 video play button. With the suggestion you provided, it is a click on the browserAction button. And then a click on the video play button. That is a step too much and result in unhappy users. My users ask for a simple UX and I want to keep this in the Turn Off the Lights Chrome extension.
Unfortunately temporary permissions don't seem to play nicely with tabs properties onHighlighted and onActivated. I'll have to check in with the team tomorrow to see if that's intentional.
I didn't get an answer to this question, as that can solve the issue with my other features that using the "tabs", "<all_urls>" permissions. With a highlighted tab, I can read the current status to enable this script function or not.
Simeon Vincent
Mar 5, 2019, 8:50:22 PM3/5/19
to Chromium Extensions
> But it is a bad user experience (UX) for my user if they always need to click on the browserAction button, to get this content script to work on the current web page
I completely agree, that's why I wanted to clearly explain the tradeoffs. Given how your extension works and the current limitations of activeTab, this probably isn't the right approach for you today. The extensions team thinking about ways to address these limitations but that's still a bit out.
Patrick Stark
Mar 6, 2019, 8:40:52 PM3/6/19
to Chromium Extensions
Hi Simeon,
"Turn Off the Lights", but why this extension need "tabs" and "<all_urls>" permissions,
why this extension injecting scripts into every web page, every iframe and do this
without end user knowledge?
I think functionality of this extension "expanded" to the point of absurdity and for developer
personal goals only, not end users (and I have the facts to think so).
Possible, to collect data on <all_urls> and inject scripts with unknown functionality into all "tabs".
Chrome team need stop such practices..
"Turn Off the Lights" - click on Browser Action button > user approval > dim a web page. And nothing more!
To do this "activeTab" is quite enough. What else is there to discuss?
Simeon Vincent
Mar 6, 2019, 10:21:54 PM3/6/19
to Chromium Extensions
There's a balance to strike between UX and security. See 2-factor authentication for a real-world example of this tradeoff in action. 2-factor solutions were around for years but didn't see much adoption outside of operationally-sensitive environments. Why? They were too fiddly, inconvenient, and otherwise annoying. That all started changing with the mass-market adoption of smartphones. In short order people were constantly holding personal computers that could be used to verify they were actually in control of their account. And even then it took a few years of iterating on authenticator UX before the experience was smooth enough for the average user.
Passive, extension-specific UI is an important use case. At the moment the only way for an extension to passively inform the user in-context that it can do something is for the extension to declaratively inject a content script on the page to add some UI and event handlers. We can, should, and are doing more to make extensions trustworthy by default. Many of the changes we're planning to make in Manifest V3 are in support of this mission. Passive extension UI is something we're working on addressing, but today there's not a solve for this use case.
Stefan vd
Mar 7, 2019, 5:42:20 AM3/7/19
to Chromium Extensions
Hi everyone,
Let me first say that this "Patrick Stark" is not a real person but the competition developer Magic Actions for YouTube™. That write fake 1 star reviews on my Turn Off the Lights Chrome extensions since the year 2015. And try to damage my Turn Off the Lights Chrome extension.
See what he is doing now on my Turn Off the Lights Chrome extension review page:
source: https://chrome.google.com/webstore/detail/turn-off-the-lights/bfbmjmiodbnnpllbbbfblcplfjjepjdn
That is all fake accounts: "Miriam Lewis", "Patrick Stark", "Susan Wernnerr" from the Magic Actions for YouTube™ developer.
You can get the total list of fake accounts on this Reddit platform:
This developer is trying to damaging my Turn Off the Lights Open Source browser extension. And write false information to my new users, that try to avoid to install my Turn Off the Lights Chrome extension.
Let me say this again, I take the privacy of my users very seriously and I think ahead for my users. That to get the best user experience and to use fewer permissions if possible. I am building my extension with the user feedback that I get on the review and on my support page. The Turn Off the Lights Chrome extension will not show any popup messages to my users and it does not track the user activity. And there is no Google Analytic file in the Chrome extension.
And your Chrome extension "Patrick Stark", or must I say now your real name Serge Strukoff developer of the Magic Actions for YouTube™ Chrome extension. You show many popup messages to your users for each Chrome update, "that you are using an old browser version", track the YouTube videos they are watching, and you writing fake 5 stars reviews on your own Chrome extensions. That to manipulate the Chrome web store review section.
That is not allowed in the Chrome web store (manipulate the Chrome web store reviews) and you are violating the program policy.https://developer.chrome.com/webstore/program_policies
Patrick Stark
Mar 7, 2019, 11:52:12 AM3/7/19
to Chromium Extensions
Sorry for the offtop,
@Stefan, First of all, I'm not Serge Strukoff and you have paranoia.
Second, your extension Turn Off the Lights actually sucks and it doesn't work as featured in the description.
Now I understand why you need <all_urls> and "tabs" permissions and how is Magic Actions related
to this topic. Because you are mimics and disrupting another extensions work and misleading people
everywhere as Google Top Contributor! The posts you have in your extension reviews are true, I have screenshots, :
After access to YouTube account, your application automatically subscribed me (users) to their channels without users consent.
I have rep[orted this to YouTube team. But Google not to do anything to prevent such bad activity, because you are "Google Expert"!
This is awful.
By the way, I wrote to the Magic Actions developers about this topic, because I think you lie everywhere, despite the fact that you are Google Top Contributor.
Patrick Stark
Mar 7, 2019, 12:09:13 PM3/7/19
to Chromium Extensions
@Stefan The posts you have in your extension Turn Off the Lights reviews are true, I have screenshots,
After access to YouTube account, your application automatically subscribed me (users) to their channels and without my consent (users) consent:
https://yapics.com/a3207Kzo203
Now I understand why you hide subscribers count on your YouTube channels.
Now I understand why you hide subscribers count on your YouTube channels.
On Thursday, March 7, 2019 at 12:42:20 PM UTC+2, Stefan vd wrote:
Stefan vd
Mar 7, 2019, 1:29:58 PM3/7/19
to Chromium Extensions
Hi there,
@Stefan, First of all, I'm not Serge Strukoff and you have paranoia.
Again you try to mislead the users (and developers), and your type of writing is the same as Serge Strukoff.
There is clear evidence that you are this same person, and you creating these fake reviews. Here one of the hard proofs:
Because on the same time, all the other fake comments come to life on my Turn Off the Lights Chrome extension review page (such as "Susan Wernnerr", "Miriam Lewis", "Den Makerr").
All with the same false information. Even your "Den Makerr" account, share the same message and with a screenshot. But with "Patrick Stark" email inside that screenshot (patrick....@gmail.com). hm... that is not safe that this "Den Makerr" person is using your Google account to see this Google Sign in permission message.
You own all this fakes accounts and write fake 1-star reviews on my Turn Off the Lights Chrome extension review page.
About that screenshots
You see this permission only if the user uses the Google sign in button. And the Google Cloud review team this system before it makes the app public. You as a user can easily accept it or revoke this permission.
Second, your extension Turn Off the Lights actually sucks and it doesn't work as featured in the description.
You are free to use the Turn Off the Lights Chrome extension. And if you don't like it, you can always uninstall the Chrome extension on the Chrome://extensions page. There is no need to write and update your fake reviews each week/month on my Turn Off the Lights Chrome extension. But you are still doing this, so you are doing this for a reason. And that is to manipulate the Chrome web store and try to damage my open source extension.
And this is the description text of the most popular Turn Off the Lights Chrome extension:
"The entire page will be fading to dark, so you can watch the videos as if you were in the cinema. Works for YouTube™ and beyond."
It clearly describes the action when you click on the gray lamp button. That it is slowly going to a dark background and highlight only the video player. If something doesn't work well, you can try to disable the other Chrome extensions you are using. And if you still experience this issue, you can contact us on this support page:
And we are happy to help you there further.
Now I understand why you need <all_urls> and "tabs" permissions and how is Magic Actions related
to this topic. Because you are mimics and disrupting another extensions work and misleading people
everywhere as Google Top Contributor!
The <all_urls> is needed to get this working on HTTPS, HTTP websites and also on your computer files. Such as a local HTML document, and with a single click on the gray lamp button they can dim the web page. That reduces the bright light (-> white background) that is shining in their eyes.
By the way, I wrote to the Magic Actions developers about this topic, because I think you lie everywhere, despite the fact that you are Google Top Contributor.
You think, well I can say you clearly I tell the truth. And you are trying to mislead everyone with false information. The Google Product Expert is about helping users who have an issue with the Google Chrome web browser. And I provide my knowledge to help those users. Just like many others, this does for this developer group.
@Simeon
You can close this topic. I will wait for the further development news of the Google Chrome extension manifest v3.
Serge Strukoff
Mar 7, 2019, 2:12:19 PM3/7/19
to Chromium Extensions
Hi everyone,
My name is Serge, and I am one of the developers of Magic Actions for YouTube™ browser extension https://www.mycinema.pro/
Our extension is checked and tested by qualified team of Chrome Web Store. No viruses, no spyware, no badware, no adware, no hijacks!
Magic Actions privacy policy: https://www.chromeactions.com/magic-actions-privacy-policy.html
Why is "Stefan vd" trying to defame our project and my name without facts? It's not normal and unethical!!!
If you have any questions for me, please contact me directly!
As I understand.. the question of this topic is... Why TOTL extension need "tabs" and "<all_urls>" permissions, why this extension injecting scripts into every web page, every iframe and do this without end user knowledge?
Hey "Stefan vd", just answer it.
Sincerely,
Serge Strukoff
Patrick Stark
Mar 7, 2019, 2:32:05 PM3/7/19
to Chromium Extensions
Hi everyone,
@Stefan vd You did not answer the question why your "Turn Off The Lights" extension needs permissions like <all_urls> and "tabs",
why your extension collect browsing activity and mimics another extensions work?
How your extensions activity affecting Google Ads iframes, Google Analytics...and Google+?
And why you have created product with identical name as competitors i.e Magic Actions for Google Actions and misleading people about competitors' product:
and automatically subscribed users to application related channels on YouTube without users knowledge.
Possible, this app do another illegal activity due to full access rights to an user account, Google can easily check this:
Stefan vd uses Google Top Contributor and ChromeTC names to promote his products:
and disrupt another extensions work around the web, on the turnoffthelights.com and on Chrome Help Forums:
Google need check this developer and Google Top Contributor activity and take an appropriate action.
Stefan vd
Mar 7, 2019, 2:39:45 PM3/7/19
to Chromium Extensions
Hi there,
Why is "Stefan vd" trying to defame our project and my name without facts? It's not normal and unethical!!!
I am not trying to defame your project, and I do not write fake 1-star reviews. You try to damage my Turn Off the Lights with your "Patrick Stark" forum account that was just created today in this Chromium extension developer forum.
And if you care about your users, then solve the issue what your users asking for. And that is to remove this popup message.
If you have any questions for me, please contact me directly!
I have no questions. I only ask you to stop writing fake 1-star reviews on my Turn Off the Lights Chrome extension and my other Chrome extensions. And remove today all your fake reviews on my Chrome extensions.
As I understand.. the question of this topic is... Why TOTL extension need "tabs" and "<all_urls>" permissions, why this extension injecting scripts into every web page, every iframe and do this without end user knowledge?
I did explain this topic in the previous email. In the Turn Off the Lights Chrome extension, I use the "tabs" to automatically dim the web page when the user click on the HTML5 video player play button. Without this function, I can not send the action to dims that web page.
And the "<all_urls>" (that is with the HTTP, HTTPS inside). I need this to detect all websites and also your local file. For example, when the user has a local HTML file, he/she can also dim this web page.
Stefan vd
Mar 7, 2019, 2:50:18 PM3/7/19
to Chromium Extensions
Hi there,
@Stefan vd You did not answer the question why your "Turn Off The Lights" extension needs permissions like <all_urls> and "tabs",
why your extension collect browsing activity and mimics another extensions work?
See my previous post.
How your extensions activity affecting Google Ads iframes, Google Analytics...and Google+?
The Turn Off the Lights Chrome extension search only for the HTML <video> element, and the <iframe> element (from the video platforms). And push this element higher on the z-index dark layer.
And why you have created product with identical name as competitors i.e Magic Actions for Google Actions and misleading people about competitors' product:
https://www.stefanvd.net/project/magic-actions/index.htm
Magic Actions fit the name for my personal Google assistant action, and it is not a trademark. I am free to use it.
Stefan vd uses Google Top Contributor and ChromeTC names to promote his products:
Reddit is not an official Google forum. And I may suggest to the user to use this extension if that can solve his problem.
and disrupt another extensions work around the web, on the turnoffthelights.com and on Chrome Help Forums:
If my website detects something that changes the layout of my website, it will show a friendly message on how to solve this issue.
Thanks,
Stefan
Simeon Vincent
Mar 7, 2019, 2:52:32 PM3/7/19
to Chromium Extensions
Welp, this has descended pretty quickly. Locking the thread.
Reply all
Reply to author
Forward
This conversation is locked
You cannot reply and perform actions on locked conversations.
0 new messages