Re: Core API Proposal

On 2016-05-03 00:00, Mike Pietraszak wrote:
> Because browsers supported different add-on models, extension authors wound up
 > creating divergent codebases and delivering different browser-specific add-ons.
 > This Community Group's goal is to make browser extension code much more
 > interoperable across browsers by specifying common extension interfaces and
 > well-defined browser behavior. This will allow extension authors to greatly
 > reduce or eliminate the rework necessary to create extensions that target different browsers.

Hi Mike,
Nice to see some activity in this list!

IMO, the value of standardized browser-based extensions becomes fairly limited if
you don't reach a level of compliance where you can use a common "App Store".

However, there's a rather unarticulated (but easy to verify) need for a replacement
of the deprecated ActiveX and NPAPI schemes.  Chrome (desktop) supports such a thing:
http://www.cnet.com/news/google-paves-over-hole-left-by-chrome-plug-in-ban/

FWIW, I have taken the liberty of enhancing this system (without touching Chrome):
https://github.com/cyberphone/web2native-bridge

Implementing Google's solution "as is" would IMO be serious mistake. A workaround
should not transcend into a standard:
https://lists.w3.org/Archives/Public/public-webappsec/2015Oct/0071.html

Something along these lines is already happening in the W3C Web Payment WG for
accessing native "Wallets", unfortunately without inviting the huge developer
community that could use such solutions:
https://github.com/w3c/webpayments/issues/42

Anders Rundgren
>
>
>
> Here's a possible roadmap for this work:
>
> 1. Identify the core objects and manifest keys
>
> 2. Define interop behavior and specific APIs (functions, events and associated types)
>
> 3. Clarify CSP security, browser-specific API syntax and packaging
>
> 4. Iterate
>
>
>
> We would like to suggest our Community Group start by 1) identifying a set of core interoperable objects and associated manifest keys. We think this core should provide the necessary functionality that extension authors will need for: page modification, browser UI augmentation and network request modification. Below is a proposed set of core objects that we think meets this criteria.
>
>
>
> Next, our Community Group can 2) document and discuss the browser behavior (to ensure interoperability) and specific functions/events for each object (e.g. browserAction.setIcon(), pageAction.onClicked(), tabs.sendMessage(), etc.). Then we can move on to specify 3) the security model, the method for browsers to provide unique API that aren't in the standard and the packaging format.
>
>
>
> For all stages, we can use GitHub to store the documents and update them. Florian has offered to grant write permission to Community Group members to allow drafts to be submitted.
>
>
>
> What do other members think? Is this the right approach? Regarding the objects below, what is missing? Or unnecessary?
>
>
>
> Sincerely,
>
> Mike Pietraszak & John Hazen, Microsoft
>
> Kris Maglione & Andy McKay, Mozilla
>
> Shwetank Dixit & Bruce Lawson, Opera
>
>
>
> Proposed core APIs:
>
>   browserAction
>
>   contextMenu
>
>   extension
>
>   i18n
>
>   pageAction
>
>   runtime
>
>   tabs
>
>   webNavigation
>
>   webRequest
>
>   windows
>
>
>
> Proposed manifest format:
>
> // Before parsing the manifest, standards-compliant browsers are expected to pre-scan
>
> // and remove "//" comments. After this step the manifest.json file format for browser
>
> // extensions is expected to be fully JSON compliant. Malformed JSON files are not supported.
>
> //
>
> // Other manifest keys that are well-formed JSON but are not listed here must be ignored.
>
> //
>
> // Note that some fields marked as Optional here are required by vendor-specific distribution Stores.
>
>
>
> {
>
>   "name": "The Name of Your Extension",             // Required
>
>   "version": "Your Extension Verison",              // Required
>
>   "default_locale": "en",                           // Required if locales are used. Otherwise, not allowed
>
>
>
>   "description": "Description for Your Extensions",
>
>   "icons": {...},
>
>   "developer": {
>
>        "name": "Your Name or Company",
>
>        "url": "Company Website"
>
>   }
>
>
>
>   // Note: Some browsers may support either browser_action or page_action, but not both
>
>   "browser_action": {
>
>       "default_icon": {...},                        // Same format as "icons"
>
>       "default_popup": "Page URL",
>
>       "default_title": "Title string"
>
>   },
>
>   "page_action": {...},                             // Same format as "browser_action"
>
>
>
>   "browser_specific_settings": {
>
>        "<browser_name>": {                          // Examples "gecko","opera","edge"
>
>             "<key>": "<value>"                      // Examples "strict_min_version": "42.0", "id": "addon@example.com"
>
>        }
>
>   },
>
>
>
>   "background": {
>
>       "page": "Page URL",                           // Only one of "page" or "scripts" may be specified, but not both
>
>       "scripts": [],                                // Only one of "page" or "scripts" may be specified, but not both
>
>       "persistent": false                           // Required if "background" is specified
>
>   },
>
>
>
>   "content_scripts": {
>
>       "all_frames": false,
>
>       "css": [],
>
>       "exclude_matches": [],
>
>       "js": [],
>
>       "matches": [],
>
>       "run_at" : "document_start"                   // Also "document_end", "document_idle"
>
>   }
>
>
>
>   "content_security_policy": "<policy-string>",
>
>
>
>   "manifest_version": 2,                            // Not used
>
>
>
>   "required_keys": [],                              // If a browser does not recognize a key in the list, it must
>
>                                                     // reject the manifest (e.g. "sidebar_action")
>
>                                                     // Future keys may be required to be in the list if used.
>
>
>
>   "permissions": {
>
>        "activeTab",
>
>        "contextMenus",
>
>        "storage",
>
>        "tabs",
>
>        "webNavigation",
>
>        "webRequest",
>
>        "webRequestBlocking",
>
>        "<url-pattern>"                              // Examples "http://*/*", ""
>
>   },
>
>
>
>   "web_accessible_resources": [...]
>
> }
>

Received on Tuesday, 3 May 2016 03:25:52 UTC