Planet Mozilla

Planet Mozilla
Looking For
mozilla.org
Wiki
Developer Center
Firefox
Thunderbird
Planet Mozilla
Intro
Hey everyone, we’ve been working on some exciting changes, and want to share them with you.
But first, let me introduce myself. I am Christos, the new Sr. Developer Relations engineer in Add-ons, and I’m excited to write my first post on the Add-ons engineering blog.
Deprecations and changes
To start, I’m looking at a couple of features that are going away: avoiding content script execution in extension contexts, decoupling file access from host permissions, and improving the display of
pageAction
SVG icon.
executeScript / registerContentScript in moz-extension documents
Deprecated: Firefox 149  Removed: Firefox 152
Starting in Firefox Nightly 149 and scheduled for Firefox 152, the scripting and tabs injection APIs no longer inject into
moz-extension://
documents. This change brings the API in line with broader efforts to discourage string-based code execution in extension contexts, alongside the default CSP that restricts
script-src
to extension URLs and the removal of remote source allowlisting in MV3 (
bug 1581608
).
Firefox emits a warning when this restriction is met, so you are aware of and can address any use of this process in your extensions. This is an example of the warning message:
Content Script execution in moz-extension document has been deprecated and it has been blocked
To work around this change,
you can:
Import scripts directly
in the extension page’s HTML.
Use module imports or standard