Upcoming changes to frame scripts

Kris Maglione kmaglione at mozilla.com
Thu Aug 9 20:49:01 UTC 2018

On Thu, Aug 09, 2018 at 08:42:11AM +0200, Johann Hofmann wrote:
>I have one slight concern: if I understand correctly, we are aiming to
>remove the ability for chrome-privileged JS to inject frame/content scripts
>on the fly, right? I'm currently working on a Shield study which uses a
>privileged frame script to extract information from the content process it
>would otherwise not have access to. I have seen other Shield studies use
>frame scripts as well.
>Am I right in assuming that future studies would need to land IPDL
>boilerplate in m-c to achieve something like this?

At some point, the current frame script concept will go away, 
and things like shield studies will need to move to an explicit 
actor model, yes. Whether they'll need to be IPDL actors or not 
is an open question.

That said, it will be a while before frame scripts can go away 
entirely, since we use ad-hoc frame scripts pretty extensively 
in tests. But production code will need to migrate as soon as 
possible, regardless of whether frame scripts are supported by 
the platform, since the existing frame script model has 
performance, memory, and security issues that we really need to 
avoid as much as possible.


>On Wed, Aug 8, 2018 at 9:42 PM Felipe G <felipc at gmail.com> wrote:
>> Hello firefox-dev!
>> If you’ve ever written code inside of a frame script, and communicated
>> with it over a message manager, you’re going to want to pay close
>> attention, because the world is about to change.
>> Over the past couple of months we’ve been splitting most of the code from
>> frame scripts into .jsms to load them on demand. We’ve been doing this to
>> improve content process memory consumption as part of the Fission effort,
>> and have been doing this mostly in an ad-hoc way. Bug 1472491 [1] is
>> creating a general structure to solve this class of problem, and moving
>> most of the frame scripts code to this new structure.
>> In short, the messages/listeners/observers will be listed in a declarative
>> way, specifying which module should be loaded and instantiated to respond
>> to these messages.
>> These modules are classes exported from these .jsms, extending an
>> ActorChild class, which has access to the document, the docshell and the
>> message manager. Now you should access them through the class instead of
>> the globals in the frame script. A good example: [2]
>> In order to spread knowledge about this change, we’ll be spreading the
>> reviews from bug 1472491 to several people so that everyone can look at
>> their corresponding areas of the code and see what the changes look like.
>> Let us know if you have any questions or concerns!
>> Also, a note: in a not-so-distant future, the frame scripts are likely to
>> be fully phased out, and once the JS IPDL API is ironed out (Bug 1475415),
>> the messages sent through the message manager will be replaced by real IPC
>> messages.

More information about the firefox-dev mailing list