Thanks woxxom,
The postMessage actually sounds fine, something like this seems to work:
iframe.contentWindow.postMessage({type: 'name', yourName: 'some_random_id'}, '*');
BUT, with that asterisk it's almost guaranteed to be rejected by Firefox reviewer, it happened to me before some years ago when I didn't know what it does.
I could argue that the "data leak" is only a random ID, but I guess the reviewer could argue that the malicious page can now detect that user has your extension installed which surely breaks some privacy policy...
UPDATE: But wait, I don't have to use the star, I can target the iframe origin and my script can still receive it!
The sequential load sounds OK, but it means I need need to change my iframe creation, which won't be trivial.
Plus this brings huge complexity and makes the code flow totally unreadable. And I don't even want to think about edge cases like page load timeouts, errors or redirects.
If I may have a minute more of your time, what would the "best" solution look like? (if I wanted to raise this in w3c repository)
For example, imagine this code:
const {resolve, promise} = Promise.withResolvers();
const iframe = Object.assign(document.createElement('iframe'), {
src: 'about:blank',
onload: resolve,
});
document.body.appendChild(iframe);
await promise;
// At this point, I want to send it a message, but how do I target this specific iframe? I need it's "frameId"!
// Maybe something like this?
const frameId = await browser.webNavigation.getFrameByElement(iframe);
Although I would love to avoid "webNavigation" permission, but I can't of a better namespace where this would fit better.
But anyway, you see how nice and readable this code is? :)