|
| 1 | +# Proposal: browser.runtime.onInvalidated event> |
| 2 | + |
| 3 | +** How to Use This Template ** |
| 4 | + |
| 5 | +See [Proposal Process](proposal_process.md) for the detailed process on how to |
| 6 | +propose new APIs and use this template. Each section includes instructions on |
| 7 | +what to include. Delete the instructions for a given section once it's filled |
| 8 | +out. Remove this section once the template is filled out. |
| 9 | + |
| 10 | +**Summary** |
| 11 | + |
| 12 | +`browser.runtime.onInvalidated` |
| 13 | + |
| 14 | +This event allows extension frames and content scripts to be notified when |
| 15 | +context get invalidated. |
| 16 | + |
| 17 | +**Document Metadata** |
| 18 | + |
| 19 | +**Author:** carlosjeurissen |
| 20 | + |
| 21 | +**Sponsoring Browser:** Chrome |
| 22 | + |
| 23 | +**Contributors:** TBD |
| 24 | + |
| 25 | +**Created:** 2025-03-26 |
| 26 | + |
| 27 | +**Related Issues:** https://github.com/w3c/webextensions/issues/138 |
| 28 | + |
| 29 | +## Motivation |
| 30 | + |
| 31 | +### Objective |
| 32 | + |
| 33 | +This event allows extension frames and content scripts to be notified when |
| 34 | +context get invalidated. |
| 35 | + |
| 36 | +#### Use Cases |
| 37 | + |
| 38 | +When the extension context gets invalidated, this means the content script |
| 39 | +or frame can no longer use the chrome APIs or communicate with the extension. |
| 40 | + |
| 41 | +As content script or frame, knowing when this happens is crucial for moving |
| 42 | +forward. Alternatives can be used in this situation, like `window.open` instead |
| 43 | +of `browser.tabs.create`. If moving forward is no option, this event can be |
| 44 | +used for initiating the cleanup of any side effects caused in the frames |
| 45 | +extensions have been operating in. |
| 46 | + |
| 47 | +### Known Consumers |
| 48 | + |
| 49 | +Any extension with a content script which applies certain side effects to the |
| 50 | +web page. |
| 51 | + |
| 52 | +## Specification |
| 53 | + |
| 54 | +### Schema |
| 55 | + |
| 56 | +New onInvalidated event: |
| 57 | +```json |
| 58 | +{ |
| 59 | + "name": "onInvalidated", |
| 60 | + "type": "function", |
| 61 | + "description": "Fired when the extension context get invalidated.", |
| 62 | + "parameters": [ |
| 63 | + { |
| 64 | + "type": "object", |
| 65 | + "name": "details", |
| 66 | + "properties": { |
| 67 | + "reason": { |
| 68 | + "optional": true, |
| 69 | + "$ref": "OnInvalidatedReason", |
| 70 | + "description": "The reason that this event is being dispatched." |
| 71 | + } |
| 72 | + } |
| 73 | + } |
| 74 | + ] |
| 75 | +} |
| 76 | +``` |
| 77 | + |
| 78 | +Optionally gives a reason of type OnInvalidatedReason |
| 79 | + |
| 80 | +OnInvalidatedReason: |
| 81 | + |
| 82 | +```json |
| 83 | +{ |
| 84 | + "id": "OnInvalidatedReason", |
| 85 | + "type": "string", |
| 86 | + "enum": [ |
| 87 | + {"name": "uninstalled", "description": "Specifies the event reason as an uninstallation."}, |
| 88 | + {"name": "update", "description": "Specifies the event reason as an extension update."}, |
| 89 | + {"name": "reload", "description": "Specifies the event reason as an extension reloading."}, |
| 90 | + {"name": "disabled", "description": "Specifies the event reason as an extension disabling."} |
| 91 | + ], |
| 92 | + "description": "The reason that this event is being dispatched." |
| 93 | +} |
| 94 | +``` |
| 95 | + |
| 96 | +### Behavior |
| 97 | + |
| 98 | +The event would be fired when the extension context get invalidated. |
| 99 | +Browsers can optionally pass a reason which allows an extension to determine |
| 100 | +the proper type of event. |
| 101 | + |
| 102 | +### New Permissions |
| 103 | + |
| 104 | +No new permissions introduced. |
| 105 | + |
| 106 | +### Manifest File Changes |
| 107 | + |
| 108 | +No new manifest fields. |
| 109 | + |
| 110 | +## Security and Privacy |
| 111 | + |
| 112 | +### Exposed Sensitive Data |
| 113 | + |
| 114 | +Document any sensitive data or personally-identifiable information the API |
| 115 | +exposes to the extension. |
| 116 | + |
| 117 | +### Abuse Mitigations |
| 118 | + |
| 119 | +Currently extensions could try checking if an API gets thrown with an |
| 120 | +invalidated error. This would allow an extension to figure out if the extension |
| 121 | +is invalidated. No new abuse surface is introduced. |
| 122 | + |
| 123 | +As for the returned reason. The uninstalled reason can not be abused more than |
| 124 | +currently `browser.runtime.setUninstalledURL`. |
| 125 | + |
| 126 | +As for the `update` reason, this can be figured out by attempting to negotiate |
| 127 | +between the old content script and the new content script. |
| 128 | + |
| 129 | +The `disabled` reason could provide additional information. However this seems |
| 130 | +to not be a big abuse surface. |
| 131 | + |
| 132 | +### Additional Security Considerations |
| 133 | + |
| 134 | +Extensions could potentially leak the onInvalidatedReason if they try hard. |
| 135 | +This does not seem to introduce any attack surfaces. |
| 136 | + |
| 137 | +## Alternatives |
| 138 | + |
| 139 | +### Existing Workarounds |
| 140 | + |
| 141 | +An extension could attempt to run an API which throws when an extension is |
| 142 | +invalidated. This is very expensive as it would require to run this API in a |
| 143 | +loop. In addition, the lack of an onInvalidated event leads to many |
| 144 | +extension developers to not deal with the situation in which the context is |
| 145 | +invalidated. Introducing the onInvalidated encourages developers to handle |
| 146 | +these situations. |
| 147 | + |
| 148 | +### Open Web API |
| 149 | + |
| 150 | +There is no viable path to turn this into an Open Web API. |
| 151 | + |
| 152 | +## Implementation Notes |
| 153 | + |
| 154 | +The event should be fired in the situation in which extension APIs would throw |
| 155 | +with an context invalidated error. |
| 156 | + |
| 157 | +## Future Work |
| 158 | + |
| 159 | +Not at this moment |
0 commit comments