plasmo icon indicating copy to clipboard operation
plasmo copied to clipboard

Published 20 hours ago • verified publisher icon PlasmoHQ

[RFC] Content Script UI on click with activeTab permission only

Open jeroenbernaerts opened this issue 1 year ago • 4 comments

How do you envision this feature/change to look/work like?

Instead of providing match URLs in PlasmoCSConfig, allow a UI (ex. react component) to be mounted when the extension icon is clicked, on thus activeTab permission is acquired; https://developer.chrome.com/docs/extensions/get-started/tutorial/scripts-activetab#active-tab

What is the purpose of this change/feature? Why?

By using the URL match approach, a warning is triggered when installing the extension (see example). It is encouraged to use activeTab permissions. The content script will always be injected on the matching URLs, some extensions might only need to inject scripts on (extension icon) click action.

Mixmax-Extension-Permissions-web

(OPTIONAL) Example implementations

Option to leave matches key empty in CS(UI) (or not use PlasmoCSConfig at all)

export const config: PlasmoCSConfig = {
  matches: []
};

Trigger the UI injection from background service worker

chrome.action.onClicked.addListener(async (tab) => {
    // Any code before injection (check URL, ...)
    // Invoke UI injection of some Plasmo CSUI
}

(OPTIONAL) Contribution

  • [ ] I would like to contribute to this RFC via a PR

Verify canary release

  • [X] I verified that the issue exists in plasmo canary release

Code of Conduct

  • [X] I agree to follow this project's Code of Conduct
  • [X] I checked the current issues for duplicate problems.

jeroenbernaerts avatar Feb 05 '24 12:02 jeroenbernaerts

wouldn’t that require scripts permission? because the declaration would not exist in the manifest, i believe you would now have to inject via scripts which adds a whole new warning to users on install. activeTab only gives the background worker permission to read the url, icon, and title of the page. or at least this is my understanding of how V3 works.

anyone else have a take on this?

deavial avatar Feb 05 '24 19:02 deavial

wouldn’t that require scripts permission? because the declaration would not exist in the manifest, i believe you would now have to inject via scripts which adds a whole new warning to users on install. activeTab only gives the background worker permission to read the url, icon, and title of the page. or at least this is my understanding of how V3 works.

anyone else have a take on this?

It does require "scripting" permission but that does not trigger a warning. See the list of permissions and their warnings: https://developer.chrome.com/docs/extensions/reference/permissions-list

If you combine that permission with "activeTab", you can inject a content script (UI) in tab where the user has activated the extension (ex. by clicking on the extension icon)

see: https://developer.chrome.com/docs/extensions/reference/api/scripting#manifest

(This feature would also enable you to use optional permissions and inject the script only after the optional permission is prompted and accepted.)

jeroenbernaerts avatar Feb 17 '24 14:02 jeroenbernaerts

Is there a suggested "workaround" way to achieve this? I need to run my script only when the icon has been clicked

mrvdot avatar Apr 07 '24 21:04 mrvdot

I also have the same problem and want to inject content script by user action. Any possible workaround?

rezamajidi avatar Jun 29 '24 10:06 rezamajidi