Jump to content

WebExtensions

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Pmffl (talk | contribs) at 17:52, 29 December 2018 (Chrome Web Store: moving this to the CWS page where it really belongs). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

WebExtensions is an application programming interface (API) for implementing browser extensions that uses the standard web technologies of HTML, CSS, and JavaScript. It was popularized by Google Chrome, which has a large number of extensions, and was later adopted by other browsers, including Firefox and Microsoft Edge.

In December 2018, Microsoft announced that Edge is being rebuilt as a Chromium-based browser,[1][2][3][4] which should provide better extension compatibility with Google Chrome.[5][6] After this transition, Firefox will be the only major browser supporting WebExtensions that is not Chromium-based.

History

Google Chrome origins

WebExtensions were originally introduced by Google in its Chrome browser. On September 9, 2009, Google enabled extensions by default on Chrome's developer channel, and provided several sample extensions for testing.[7] In December 2009, the Google Chrome Extensions Gallery beta began with approximately 300 extensions.[8][9] Google Chrome Extensions Gallery was launched on January 25, 2010 containing over 1500 extensions, along with Google Chrome 4.0 on Windows, which enabled extensions by default.[10] Later, Google Chrome Extensions Gallery was renamed to Chrome Web Store.

Adoption by Microsoft Edge

Microsoft Edge was built on a completely new engines EdgeHTML and Chakra and abandoned Internet Explorer's legacy Trident engine (also known as MSHTML).[11][12][13] Since it is a complete rewrite, it does not support legacy technologies such as ActiveX and Browser Helper Objects, and instead uses WebExtensions. Edge Extensions are delivered via Microsoft Store (formerly known as Windows Store), which as of December 2018 lists 214 extensions.[14]

Although Microsoft Edge WebExtensions implementation aims for interoperability with Google Chrome, some notable differences exist. The API is accessible via browser.* object, instead of chrome.* object like in Google Chrome. Microsoft Edge extension APIs use callbacks, not promises. Absolute paths starting with ms-browser-extension:// in CSS do not work like similar paths in Google Chrome starting with chrome-extension://, developers have to use relative URLs instead.[15] Furthermore, not all features are supported, for example extensions can not specify their Content Security Policy (the corresponding entry in the extension manifest is ignored) and extension is run with the default CSP.[16]

In December 2018 Microsoft announced plans to recreate its Edge browser on Chromium Blink and V8 engines (as opposed to its own EdgeHTML and Chakra).[1][2][3][4] This decision received mixed feedback: it was celebrated as a victory of modern and open source Chromium over proprietary Edge but also criticized as act of surrendering power over Internet to Chromium main developer Google.[17][18] Edge project manager Kyle Alden stated that the move should resolve all the incompatibilities between Edge and Chrome and expressed intent to support "existing Chrome extensions."[5][6] "Existing [Universal Windows Platform] apps (including [Progressive Web Apps] in the Store) will continue to use EdgeHTML/Chakra without interruption", but apps should get an option to use WebView that apps can choose to use based on the new rendering engine.[5]

Adoption by Firefox

On August 21, 2015 Mozilla announced plans to eventually deprecate XPCOM- and XUL-based add-ons and instead introduce support for WebExtensions, to better take advantages of its new multi-process technologies Electrolysis and Servo.[19][20] Mozilla refers to XPCOM- and XUL-based add-ons as legacy add-ons. Shortly after Mozilla announced that Firefox 57.* and newer will be called Firefox Quantum and would no longer support legacy add-ons. Firefox Add-ons restricted upload of legacy add-ons with maximum version set above 56.*[21] All legacy add-ons were removed from Firefox Add-ons in November 2018: the search does not show any legacy add-ons and loading the URLs of individual extension pages returns "page not found" errors.[22] Individual users attempted to enable some legacy add-ons on Firefox Quantum (version 57.* and newer) via a flag and install them from unofficial archives, but those attempts were largely unsuccessful, since some underlying components were removed from Firefox altogether.[23]

W3C working group

In 2015 W3C Browser Extension Community Group was formed "to facilitate discussion between Web Browser vendors, as well as other interested parties, in order to establish a set of standards for interoperable browser extensions" and "ensure actual interoperability rather than mere similarity [to Google Chrome APIs]."[24] Mike Pietraszak from Microsoft became the editor of the draft.[25] However, as of December 2018, the Community Group hasn't published any reports yet;[26] only a Working Draft is available. The Community Group is severely understaffed, so the specification is "lagging behind and a little short on the details".[27] The standard's future is uncertain, since the group is headed by Mike Pietraszak from Microsoft,[25] and Microsoft decided to rebuild Edge on top of Chromium.[1]

Security

According to MDN Web Docs, "Because add-ons run in an environment with elevated privileges relative to ordinary web pages, they present a very serious set of security considerations. They have the potential to open security holes not only in the add-ons themselves, but also in the browser, in web pages, and, in particularly distressing cases, the entire system the browser is running on."[28] Criminals have developed malware that can silently hijack the browser settings, e.g. to change the homepage or inject malware links.[29]

Content Security Policy

WebExtension can specify a Content Security Policy via manifest.json using attribute content_security_policy, or otherwise a default CSP will be applied. Default CSP is script-src 'self'; object-src 'self', which blocks eval() and similar functions, inline JavaScript, and remote scripts and object resources.[30][31] Vendors have different restrictions as to which CSP are allowed for extensions in their stores:[32] Firefox Add-ons disallows "extensions with 'unsafe-eval', 'unsafe-inline', remote scripts, blobs, or remote sources in their CSP ... due to major security issues."[33]

As of December 2018, Microsoft Edge only supports default CSP for all extensions and ignores the content_security_policy attribute.[16]

References

  1. ^ a b c "Microsoft Edge: Making the web better through more open source collaboration". Windows Experience Blog. 2018-12-06. Retrieved 2018-12-14.
  2. ^ a b "Microsoft confirms plan to rebuild Edge browser using Chromium on Windows 10". Windows Central. 2018-12-06. Retrieved 2018-12-14.
  3. ^ a b "Microsoft Edge goes Chromium (and macOS)". TechCrunch. Retrieved 2018-12-14.
  4. ^ a b Keizer, Gregg (2018-12-08). "With move to rebuild Edge atop Google's Chromium, Microsoft raises white flag in browser war". Computerworld. Retrieved 2018-12-14.
  5. ^ a b c "r/Windows10 - Microsoft Edge: Making the web better through more open source collaboration". reddit. Retrieved 2018-12-15.
  6. ^ a b "Microsoft's new Edge browser will support Chrome extensions". Engadget. Retrieved 2018-12-15.
  7. ^ "Extensions Status: On the Runway, Getting Ready for Take-Off". Chromium Blog. Retrieved 2018-12-14.
  8. ^ "Google Chrome for the holidays: Mac, Linux and extensions in beta". Official Google Blog. Retrieved 2018-12-14.
  9. ^ "Extensions beta launched, with over 300 extensions!". Chromium Blog. Retrieved 2018-12-14.
  10. ^ "Over 1,500 new features for Google Chrome". Google Chrome Blog. Retrieved 2018-12-14.
  11. ^ "Project Spartan and the Windows 10 January Preview Build – IEBlog". blogs.msdn.microsoft.com. Retrieved 2018-12-15.
  12. ^ "Living on the edge – our next step in helping the web just work – IEBlog". blogs.msdn.microsoft.com. Retrieved 2018-12-15.
  13. ^ Warren, Tom (2015-01-27). "Microsoft reveals its Internet Explorer successor will support extensions". The Verge. Retrieved 2018-12-15.
  14. ^ "Extensions for Microsoft Edge". Microsoft Store. Retrieved 2018-12-15.
  15. ^ erikadoyle. "Extensions - Supported APIs - Microsoft Edge Development". docs.microsoft.com. Retrieved 2018-12-15.
  16. ^ a b erikadoyle. "Extensions - Supported manifest keys - Microsoft Edge Development". docs.microsoft.com. Retrieved 2018-12-15.
  17. ^ Williams, Owen; Koebler, Jason (2018-12-07). "Microsoft Putting Edge on Chromium Will Fundamentally Change the Web". Motherboard. Retrieved 2018-12-14.
  18. ^ Beard, Chris. "Goodbye, EdgeHTML". The Mozilla Blog. Retrieved 2018-12-17.
  19. ^ "The Future of Developing Firefox Add-ons". Mozilla Add-ons Blog. Retrieved 2018-12-15.
  20. ^ "Mozilla's self-destruct course continues: major add-on compatibility changes announced - gHacks Tech News". www.ghacks.net. Retrieved 2018-12-15.
  21. ^ "Upcoming Changes in Compatibility Features". Mozilla Add-ons Blog. Retrieved 2018-12-15.
  22. ^ "It appears that Mozilla removed all classic extensions from Firefox Add-ons - gHacks Tech News". www.ghacks.net. Retrieved 2018-12-14.
  23. ^ "How to enable legacy extensions in Firefox 57 - gHacks Tech News". www.ghacks.net. Retrieved 2018-12-14.
  24. ^ "Browser Extension Community Group Charter — Browser Extension Community Group". browserext.github.io. Retrieved 2018-12-14.
  25. ^ a b "Browser Extensions". browserext.github.io. Retrieved 2018-12-14.
  26. ^ "Browser Extension Community Group". Retrieved 2018-12-14.
  27. ^ "Re: One question from Florian Rivoal on 2017-07-29 (public-browserext@w3.org from July 2017)". lists.w3.org. Retrieved 2018-12-14.
  28. ^ "Add-on Policies". MDN Web Docs. Retrieved 2018-12-15.
  29. ^ "Don't mess with my browser!". Google Chrome Blog. Retrieved 2018-12-15.
  30. ^ "Content Security Policy". MDN Web Docs. Retrieved 2018-12-15.
  31. ^ "Content Security Policy (CSP) - Google Chrome". developer.chrome.com. Retrieved 2018-12-15.
  32. ^ "Content Security Policy". MDN Web Docs. Retrieved 2018-12-15.
  33. ^ "content_security_policy". MDN Web Docs. Retrieved 2018-12-15.
Retrieved from "https://en.wikipedia.org/w/index.php?title=WebExtensions&oldid=875886896"