2

I'm trying to create a Dev Tools panel to inspect the origin private file system, as it's apparently missing from the Storage panel in the latest version (115) of Firefox LTS.

However, when using browser.tabs.executeScript, this code prints "dir.keys() result has 0 entries" to the tab's dev tools console:

/* my_devtools_panel.js */ async function executeScript() { // https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Extending_the_developer_tools#running_code_in_the_target_window return await browser.runtime.sendMessage({ command: 'executeScript', arguments: Array.from(arguments) }); } let dir_ls = await executeScript( browser.devtools.inspectedWindow.tabId, // TODO is there any way to do this short of "<all_urls>"? { code: `(async () => { // TRY PASTING THIS BLOCK OF CODE DIRECTLY INTO THE DEV TOOLS CONSOLE INSTEAD: let dir = await navigator.storage.getDirectory(); console.debug("Browser directory: %o", dir); let dir_ls = await Array.fromAsync(dir.keys()); console.debug("dir.keys() result has %d entries: %o", dir_ls.length, dir_ls); return dir_ls; })()`, runAt: 'document_start' } ).then((result) => result[0]); debugger; document.body.appendChild(document.createTextNode(`[${dir_ls.join()}] (length: ${dir_ls.length})`)); 
/* background.js */ browser.runtime.onMessage.addListener((message, sender, sendResponse) => { // https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Extending_the_developer_tools#running_code_in_the_target_window switch (sender.id) { case browser.runtime.id: switch (message.command) { case 'executeScript': return browser.tabs.executeScript(...message.arguments); } } });

I do in fact have an entry in that folder, and if I paste that "code" script into the tab's dev tools console directly it's found.

What am I doing wrong?

Improve this question
4
  • This code runs in the isolated world of the content scripts, whereas manually running code in console uses the main world of the web page. A possible solution is to use browser.devtools.inspectedWindow.eval directly inside your panel (or in your devtools page script) instead of messaging+executeScript. Commented Jun 18, 2024 at 21:13
  • @woxxom So the issue is that content scripts themselves just can't directly access OPFS? I was using browser.tabs.executeScript at the recommendation of MDN as they seemed to imply it's the only way to prevent hostile pages from hijacking the functions and spoofing their results. If I must use browser.devtools.inspectedWindow.eval, how can I prevent a hostile page from tampering with the results? Commented Jun 18, 2024 at 21:18
  • 1
    If that's a concern you'll have to do what Violentmonkey does: the content script creates an iframe and synchronously runs code in the main page that uses the methods/prototypes from the iframe. Commented Jun 18, 2024 at 21:22
  • 1
    A better method might be to add an iframe in the background script (or in devtools page script) pointing to the site and rewrite its html response using browser.webRequest to an empty page, then you'll run code in the MAIN world of the iframe and read OPFS. Commented Jun 18, 2024 at 21:25
Load 7 more related questions Show fewer related questions

0

Reset to default

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.