[Proposal] Isolated content environment

Isolated content environment proposal (2016)

It would be super-cool to have an isolated environment on each tab. It may be a bit hard technically, but it should make Firefox the best browser for security/privacy ever.

  • This provides a secure and intuitive practice for a common case among the add-ons.
  • This could eliminate many add-on fingerprintability issues beautifully.
  • Isolated resource references (Content scripts can reference and inject add-on resources but webpages can’t)
    • Actually, the number of cases where webpages themselves need to access add-on resources is small; in most cases only content scripts use them. We can always make exceptions for the minority of cases via whitelisting.
  • DOM isolation: webpages can’t see add-on-injected DOM. (Unless explicitly whitelisted, obviously)
  • Isolated privileges (this is mostly managed by sandboxing)

Possibly related:

(I don’t intend to disclose a secret report. I can’t access 1120398, sorry… As the developer of this add-on, I’d appreciate updates on the bug, though.)

… More?

Whitelisting ideas

  • An add-on that wants to use web-exposed content scripts should request the permission explicitly.
  • AMO and Add-on manager show which add-ons have web-exposed content scripts or add-on resources.
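As an added illustration of the whitelisting idea (not code from the original post or from Firefox): in today's WebExtension manifests the explicit declaration plays this role under the key `web_accessible_resources`, and the Node-runnable audit below, written for this page, reports which add-on files a manifest exposes to web pages and flags over-broad entries. It assumes the Manifest V2 form (array of path globs, exposed to every site) and the Manifest V3 form (array of `{resources, matches}` objects); the sample manifests are constructed.

```javascript
// Added example: audit what a WebExtension manifest exposes to web pages via
// "web_accessible_resources". Sample manifests below are constructed.

function globToRegExp(glob) {
  // Escape regex metacharacters, then let "*" match any run of characters.
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp("^" + escaped + "$");
}

// Normalise both manifest versions to [{resources, matches}] entries.
// MV2 has no per-site matches: anything listed is reachable from every site.
function exposedEntries(manifest) {
  const war = manifest.web_accessible_resources || [];
  if ((manifest.manifest_version || 2) >= 3) return war;
  return war.length ? [{ resources: war, matches: ["<all_urls>"] }] : [];
}

// Which site patterns may fetch the add-on file at `path`? Empty array = isolated.
function exposedTo(manifest, path) {
  const origins = new Set();
  for (const entry of exposedEntries(manifest)) {
    if ((entry.resources || []).some(g => globToRegExp(g).test(path))) {
      for (const m of entry.matches || []) origins.add(m);
    }
  }
  return [...origins];
}

// Summary an add-on manager could show: every exposed entry, flagged when it
// is reachable from all sites or uses a whole-directory / catch-all glob.
function auditWebAccessible(manifest) {
  return exposedEntries(manifest).map(entry => ({
    resources: entry.resources || [],
    matches: entry.matches || [],
    allSites: (entry.matches || []).some(m => m === "<all_urls>" || m === "*://*/*"),
    catchAll: (entry.resources || []).some(r => r === "*" || r.endsWith("/*")),
  }));
}

// Constructed sample: MV2 manifest exposing everything under content/ to all sites.
const mv2Manifest = { manifest_version: 2, web_accessible_resources: ["content/*"] };
// Constructed sample: MV3 manifest exposing one stylesheet to one site only.
const mv3Manifest = {
  manifest_version: 3,
  web_accessible_resources: [
    { resources: ["content/widget.css"], matches: ["https://example.com/*"] },
  ],
};
```

Running `exposedTo(mv2Manifest, "content/inject.js")` reports `["<all_urls>"]`, the case a user-facing warning should call out, while the MV3 sample exposes only the one file to the one site.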

Previous posts


I think this is the way to go. Any idea is welcome. I’d like more people to think about this. Thanks.