|
1 | 1 | # Content scope scripts |
2 | 2 |
|
| 3 | +Content Scope Scripts handles injecting in DOM modifications in a browser context; it's a cross platform solution that requires some minimal platform hooks. |
3 | 4 |
|
4 | | -## What is this |
| 5 | +## Content Scope Features API |
5 | 6 |
|
6 | | -These are a series of scripts that can be injected into the context of a page and change features of the browser. |
| 7 | +Each platform calls into the API exposed by content-scope-features.js where the relevant JavaScript file is included from features/. This file loads the relevant platform enabled features. The platform itself should adhere to the features lifecycle when implementing. |
7 | 8 |
|
8 | | -This is *very beta* however to see the code in action instead look in the duckduckgo extension |
| 9 | +The exposed API is a global called contentScopeFeatures and has three methods: |
| 10 | +- load |
| 11 | + - Calls the load method on all of the features |
| 12 | +- init |
| 13 | + - Calls the init method on all of the features |
| 14 | + - This should be passed the arguments object which has the following keys: |
| 15 | + - 'debug' true if debuging should be enabled |
| 16 | + - 'globalPrivacyControlValue' false if the user has disabled GPC. |
| 17 | + - 'sessionKey' a unique session based key. |
| 18 | + - 'cookie' TODO |
| 19 | + - 'site' which is an object with: |
| 20 | + - 'isBroken' true if remote config has an exception. |
| 21 | + - 'allowlisted' true if the user has disabled protections. |
| 22 | + - 'domain' the hostname of the site in the URL bar |
| 23 | + - 'enabledFeatures' this is an array of features/ to enable |
| 24 | +- update |
| 25 | + - Calls the update method on all of the features |
9 | 26 |
|
10 | | -The files are built into build/ for a simple build process |
| 27 | +## Features |
| 28 | + |
| 29 | +These files stored in the features directory must include an init function and optionally update and load explained in the features lifecycle. |
| 30 | + |
| 31 | +## Features Lifecycle |
| 32 | + |
| 33 | +There are three stages that the content scope code is hooked into the platform: |
| 34 | +- load |
| 35 | + - This should be reserved for work that should happen that could cause a delay in loading the feature. |
| 36 | + - Given the current limitations of how we inject our code we don't have the Privacy Remote Configuration exceptions so authors should be wary of actually loading anything that would modify the page (and potentially breaking it). |
| 37 | + - This limitation may be re-addressed in manifest v3 |
| 38 | + - One exception here is the first party cookie protections that are triggered on init to prevent race conditions. |
| 39 | +- init |
| 40 | + - This is the main place that features are actually loaded into the extension. |
| 41 | +- update |
| 42 | + - This allows the feature to be sent updates from the browser. |
| 43 | + - If this is triggered before init, these updates will be queued and triggered straight after. |
| 44 | + |
| 45 | +### Platform specific integration details |
| 46 | + |
| 47 | +The [inject/](https://github.com/duckduckgo/content-scope-scripts/tree/main/inject) directory handles platform specific differences and is glue code into calling the contentScopeFeatures API. |
| 48 | + |
| 49 | +- In Firefox the code is loaded as a standard extension content script. |
| 50 | +- For Apple the code is a UserScript that has some string replacements for properties and loads in as the page scope. |
| 51 | + - Note: currently we don't implement the update calls as it's only required by cookie protections which we don't implement. |
| 52 | +- All other browsers the code is stringified, base64 encoded and injected in as a self deleting <script> tag. |
| 53 | + |
| 54 | +In the built output you will see these dramatic differences in the bundled code which is created into: /build |
| 55 | + |
| 56 | +### Features scope injection utilities |
| 57 | + |
| 58 | +To handle the difference in scope injection we expose multiple utilities which behave differently per browser in src/utils.js. for Firefox the code exposed handles [xrays correctly](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Sharing_objects_with_page_scripts) without needing the features to be authored differently. |
| 59 | + |
| 60 | +- defineProperty |
| 61 | + - defineProperty(object, propertyName, descriptor) behaves the same as Object.defineProperty(object, propertyName, descriptor) |
| 62 | + - The difference is for Firefox we export the relevant functions so it can go across the xray |
| 63 | +- DDGProxy |
| 64 | + - Behaves a lot like new window.Proxy with a few differences: |
| 65 | + - has an overload function to actually apply the function to the native property. |
| 66 | + - Stores the native original property in _native such that it can be called elsewhere if needed without going through the proxy. |
| 67 | +- DDGReflect |
| 68 | + - Calls into wrappedJSObject.Reflect for Firefox but otherwise exactly the same as [window.Reflect](Sources/BrowserServicesKit/UserScript/ContentScopeUserScript.swift) |
0 commit comments