Page script Promise: Permission denied to access object from content script

thor.lucas · February 24, 2021, 2:24am

So I’m interacting with a known secure page and I need to see it’s expando properties.

So in my content script I write,

var foo = window.wrappedJSObject.Foo;

// This is a promise. I can print it to the console
// and see that it successfully fetches and executes the promise.
var bar_promise = foo.bar();
console.log(bar_promise);

// However, I don't have permission to do this:
bar_promise.then((x) => { console.log(x) });

Why can’t I do this? I get Uncaught (in promise) Error: Permission denied to access object

freaktechnik · February 24, 2021, 9:14am

This is an issue with the console you’re looking at not having the permission to inspect the logged object, as far as I understand.

anon48797620 · February 28, 2021, 3:26am

I don’t know much about this and messed around a bit with it some time ago (with some direction from @freaktechnik concerning the same error); but don’t you have to do more to pass the content script’s object to the page script’s function to get it to run?

I think it is as:

A content script can invoke a function (page_script_func) declared in the page script and pass it an argument object, as follows.

w = document.defaultView;
w.wrappedJSObject.page_script_func( cloneInto( { 'a' : data }, w ) );

and it’ll run as if the content script’s object was passed to the page script and run there.

I don’t think you can just place the content script’s data as a function argument to run in the page script’s scope without the cloneInto.

This may be a useful reference.
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Sharing_objects_with_page_scripts#cloneinto