|
| 1 | +# Proposal: browser.runtime.onInvalidated event> |
| 2 | + |
| 3 | +** How to Use This Template ** |
| 4 | + |
| 5 | +See [Proposal Process](proposal_process.md) for the detailed process on how to |
| 6 | +propose new APIs and use this template. Each section includes instructions on |
| 7 | +what to include. Delete the instructions for a given section once it's filled |
| 8 | +out. Remove this section once the template is filled out. |
| 9 | + |
| 10 | +**Summary** |
| 11 | + |
| 12 | +`browser.runtime.onInvalidated` |
| 13 | + |
| 14 | +This event allows extension frames and contentScripts to be notified when |
| 15 | +background scripts get invalidated. |
| 16 | + |
| 17 | +**Document Metadata** |
| 18 | + |
| 19 | +**Author:** carlosjeurissen |
| 20 | + |
| 21 | +**Sponsoring Browser:** Chrome |
| 22 | + |
| 23 | +**Contributors:** TBD |
| 24 | + |
| 25 | +**Created:** 2025-03-26 |
| 26 | + |
| 27 | +**Related Issues:** https://github.com/w3c/webextensions/issues/138 |
| 28 | + |
| 29 | +## Motivation |
| 30 | + |
| 31 | +### Objective |
| 32 | + |
| 33 | +This event allows extension frames and contentScripts to be notified when |
| 34 | +background scripts get invalidated. |
| 35 | + |
| 36 | +#### Use Cases |
| 37 | + |
| 38 | +Cleanup of effects in contentScripts. After-invalidated handling of frames. |
| 39 | +For example, know when to use browser.tabs vs window.open. |
| 40 | + |
| 41 | +### Known Consumers |
| 42 | + |
| 43 | +Any extension with a content script which applies certain side effects to the |
| 44 | +web page. |
| 45 | + |
| 46 | +## Specification |
| 47 | + |
| 48 | +### Schema |
| 49 | + |
| 50 | +New onInvalidated event: |
| 51 | +```json |
| 52 | +{ |
| 53 | + "name": "onInvalidated", |
| 54 | + "type": "function", |
| 55 | + "description": "Fired when the extension background scripts get invalidated.", |
| 56 | + "parameters": [ |
| 57 | + { |
| 58 | + "type": "object", |
| 59 | + "name": "details", |
| 60 | + "properties": { |
| 61 | + "reason": { |
| 62 | + "optional": true, |
| 63 | + "$ref": "OnInvalidatedReason", |
| 64 | + "description": "The reason that this event is being dispatched." |
| 65 | + } |
| 66 | + } |
| 67 | + } |
| 68 | + ] |
| 69 | +} |
| 70 | +``` |
| 71 | + |
| 72 | +Optionally gives a reason of type OnInvalidatedReason |
| 73 | + |
| 74 | +OnInvalidatedReason: |
| 75 | + |
| 76 | +```json |
| 77 | +{ |
| 78 | + "id": "OnInvalidatedReason", |
| 79 | + "type": "string", |
| 80 | + "enum": [ |
| 81 | + {"name": "uninstalled", "description": "Specifies the event reason as an uninstallation."}, |
| 82 | + {"name": "update", "description": "Specifies the event reason as an extension update."}, |
| 83 | + {"name": "disabled", "description": "Specifies the event reason as an uninstallation."} |
| 84 | + ], |
| 85 | + "description": "The reason that this event is being dispatched." |
| 86 | +} |
| 87 | +``` |
| 88 | + |
| 89 | +### Behavior |
| 90 | + |
| 91 | +Describe the behavior of the new API if there is anything that is not |
| 92 | +immediately obvious from the schema above. Include descriptions of: |
| 93 | + |
| 94 | +* Behavior on the newly-introduced types and methods. |
| 95 | +The event would be fired when the extension background scripts get invalidated. |
| 96 | +Browsers can optionally pass a reason which allows an extension to determine |
| 97 | +the proper type of event. |
| 98 | + |
| 99 | +### New Permissions |
| 100 | + |
| 101 | +No new permissions introduced. |
| 102 | + |
| 103 | +### Manifest File Changes |
| 104 | + |
| 105 | +No new manifest fields. |
| 106 | + |
| 107 | +## Security and Privacy |
| 108 | + |
| 109 | +### Exposed Sensitive Data |
| 110 | + |
| 111 | +Document any sensitive data or personally-identifiable information the API |
| 112 | +exposes to the extension. |
| 113 | + |
| 114 | +### Abuse Mitigations |
| 115 | + |
| 116 | +Currently extensions could try checking if an API gets thrown with an |
| 117 | +invalidated error. This would allow an extension to figure out if the extension |
| 118 | +is invalidated. No new abuse surface is introduced. |
| 119 | + |
| 120 | +As for the returned reason. The uninstalled reason can not be abused more than |
| 121 | +currently `browser.runtime.setUninstalledURL`. |
| 122 | + |
| 123 | +As for the `update` reason, this can be figured out by attempting to negotiate |
| 124 | +between the old content script and the new content script. |
| 125 | + |
| 126 | +The `disabled` reason could provide additional information. However this seems |
| 127 | +to not be a big abuse surface. |
| 128 | + |
| 129 | +### Additional Security Considerations |
| 130 | + |
| 131 | +Extensions could potentially leak the onInvalidatedReason if they try hard. |
| 132 | +This does not seem to introduce any attack surfaces. |
| 133 | + |
| 134 | +## Alternatives |
| 135 | + |
| 136 | +### Existing Workarounds |
| 137 | + |
| 138 | +An extension could attempt to run an API which throws when an extension is |
| 139 | +invalidated. This is very expensive as it would require to run this API in a |
| 140 | +loop. In addition, the lack of an onInvalidated event leads to many |
| 141 | +extension developers to not deal with the situation in which the background |
| 142 | +scripts are invalidated. Introducing the onInvalidated encourages developers |
| 143 | +to handle these situations. |
| 144 | + |
| 145 | +### Open Web API |
| 146 | + |
| 147 | +There is no viable path to turn this into an Open Web API. |
| 148 | + |
| 149 | +## Implementation Notes |
| 150 | + |
| 151 | +The event should be fired in the situation in which extension APIs would throw |
| 152 | +with an context invalidated error. |
| 153 | + |
| 154 | +## Future Work |
| 155 | + |
| 156 | +Not at this moment |
0 commit comments