I have finished coding my extension for Chrome and Firefox (WebExtensions). I have used window.postMessage() for communication between the website script and the extension, and everything works.
But now I am reading that there are methods by Chrome (https://developer.chrome.com/extensions/messaging) like chrome.runtime.sendMessage() to send messages. Will my extension be rejected if I use window.postMessage(), so that I have to recode everything?
Security-Reviewing Uses of postMessage()
postMessage is generally considered very secure as long as the programmer is careful to check the origin and source of an arriving message. Acting on a message without verifying its source opens a vector for cross-site scripting attacks.
postMessage()
The window.postMessage() method safely enables cross-origin communication between Window objects; e.g., between a page and a pop-up that it spawned, or between a page and an iframe embedded within it.
No, the content scripts will NOT execute in the iframes loaded dynamically via JavaScript in the page.
SendMessage: Sends a message and waits until the procedure which is responsible for the message finishes and returns. PostMessage: Sends a message to the message queue and returns immediately.
Yes, this is a perfectly valid way of communication - between a page and a content script.
In fact, if you look at the Content Script documentation, it lists postMessage as a way of communication to the content script.
The method described in the Messaging documentation allows you to cut out the content script as a middleman, and provides some degree of authentication for messages (only the intended recipient will receive them), providing you configured "externally_connectable".
But "externally_connectable" is not supported in Firefox yet, and I can't quickly find a bug that tracks its implementation.
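The origin and source check mentioned earlier on this page, applied to the page-to-content-script channel this answer describes. This is an added example, not code from the question or the answer; the `MESSAGE_TAG` value, the message shape and the `makePageMessageHandler` helper are assumptions made for illustration.

```javascript
// Content-script side of a window.postMessage() channel with the page.
// MESSAGE_TAG and the { tag, action } message shape are assumed for this example.
const MESSAGE_TAG = "my-extension-request";

// Returns a "message" event handler that forwards only messages which
// (1) were posted by the page's own window, (2) come from an allowed origin,
// and (3) carry the expected plain-data shape. Returns true when forwarded.
function makePageMessageHandler(pageWindow, allowedOrigins, forward) {
  return function onMessage(event) {
    // Embedded frames and other windows can post here too; accept only the page itself.
    if (event.source !== pageWindow) return false;
    if (!allowedOrigins.includes(event.origin)) return false;
    const data = event.data;
    if (data === null || typeof data !== "object") return false;
    if (data.tag !== MESSAGE_TAG || typeof data.action !== "string") return false;
    // Forward a fresh object holding only the validated fields.
    forward({ action: data.action, origin: event.origin });
    return true;
  };
}

// Wiring inside a real content script (skipped when run outside a browser).
if (typeof window !== "undefined" && typeof chrome !== "undefined" && chrome.runtime) {
  const handler = makePageMessageHandler(window, [window.location.origin],
    (msg) => chrome.runtime.sendMessage(msg));
  window.addEventListener("message", handler);
}

// Constructed sample events, so the checks can be exercised offline.
function demo() {
  const page = { name: "page window" };
  const frame = { name: "embedded frame" };
  const forwarded = [];
  const handler = makePageMessageHandler(page, ["https://app.example"],
    (m) => forwarded.push(m));
  const msg = { tag: MESSAGE_TAG, action: "ping" };
  const results = [
    handler({ source: page, origin: "https://app.example", data: msg }),   // accepted
    handler({ source: frame, origin: "https://app.example", data: msg }),  // wrong source
    handler({ source: page, origin: "https://other.example", data: msg }), // wrong origin
    handler({ source: page, origin: "https://app.example", data: "ping" }), // wrong shape
  ];
  return { results, forwarded };
}
```

On the page side, passing an explicit target origin such as `window.location.origin` as the second argument of `window.postMessage()` instead of `"*"` keeps the message from being delivered if the window has navigated to another origin.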