E428 Using lodash in browser extension · Issue #5934 · lodash/lodash · GitHub
[go: up one dir, main page]
Skip to content

Using lodash in browser extension #5934

New issue
New issue
Closed
Closed
Using lodash in browser extension#5934
Labels
question
@dhakehurst

Description

@dhakehurst
dhakehurst
opened on Oct 18, 2024

Hi,
I'm trying to inject a content-script from a browser extension.
The script uses ckeditor5 which uses lodash-es.
The whole content-script is bundled using 'rollup' before use.

The content-script works fine in the Chrome browser, but not in Firefox.

The failure seems to be with respect to the use of lodash.
I have detected two issues,

  1. code from _root.js
/** Detect free variable `self`. */
var freeSelf = typeof self == 'object' && self && self.Object === Object && self;

/** Used as a reference to the global object. */
var root = freeGlobal || freeSelf || Function('return this')();

In Chrome, freeSelf is detected - seems to be the value window.
However, in Firefox freeSelf & freeGlobal are false and thus the scrip tries to execute Function('return this')() which is not allowed by CSP in the context of a content-script.

  1. If I replace the Function('return this')() with window
    I the get a failure with new DataView(new ArrayBuffer(1)) from _getTag.js
    Error: Permission denied to access object

any suggestions or help gratefully received.
thanks

Metadata

Metadata

Assignees

No one assigned

    Labels

    question

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0