8000 Using lodash in browser extension · Issue #5934 · lodash/lodash · GitHub
[go: up one dir, main page]
Skip to content

Using lodash in browser extension #5934

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
7A39
dhakehurst opened this issue Oct 18, 2024 · 0 comments
Open

Using lodash in browser extension #5934

dhakehurst opened this issue Oct 18, 2024 · 0 comments

Comments

@dhakehurst
Copy link

Hi,
I'm trying to inject a content-script from a browser extension.
The script uses ckeditor5 which uses lodash-es.
The whole content-script is bundled using 'rollup' before use.

The content-script works fine in the Chrome browser, but not in Firefox.

The failure seems to be with respect to the use of lodash.
I have detected two issues,

  1. code from _root.js
/** Detect free variable `self`. */
var freeSelf = typeof self == 'object' && self && self.Object === Object && self;

/** Used as a reference to the global object. */
var root = freeGlobal || freeSelf || Function('return this')();

In Chrome, freeSelf is detected - seems to be the value window.
However, in Firefox freeSelf & freeGlobal are false and thus the scrip tries to execute Function('return this')() which is not allowed by CSP in the context of a content-script.

  1. If I replace the Function('return this')() with window
    I the get a failure with new DataView(new ArrayBuffer(1)) from _getTag.js
    Error: Permission denied to access object

any suggestions or help gratefully received.
thanks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dhakehurst
0