CiviCERT / suspicious-email-submitter

The Suspicious Email Submitter is a discontinued browser extension (Chrome, Chromium, Firefox) for the easy submission of suspicious emails to a MISP instance for further analysis
GNU General Public License v3.0

Thunderbird Support #8

Open liliakai opened 5 years ago

liliakai commented 5 years ago

A rough overview of the landscape of WebExtensions support in current and upcoming Thunderbird releases, which I have determined purely by trial and error:

Thunderbird 60.2.1 can load WebExtensions-style add-ons, but the ui components like the options page, and browser action popup, are unimplemented or broken.

The next Thunderbird beta candidate (63.0b1) adds support for the options ui (as an embedded ui, rather than its own page but it still works), so the extension can be configured from a json config file.

The last Thunderbird nightly at time of this testing (64.0a1) adds support for the browser action popup so we can present our ui to the user in any tab/window.

So it looks like the UI support for our extension is going to be at least two releases away, in 60.4.x slated for early December.

In addition to these UI elements, we need to access the raw email data. In a webmail context we use content script injection to scrape the ui. In Thunderbird, we expect to get a javascript API for extensions to interact with mailboxes directly, but that's apparently still in the pre-planning stages: https://bugzilla.mozilla.org/show_bug.cgi?id=1488176.

So it seems like for now we'll have to create a legacy or hybrid extension. I'm still working through the Thunderbird add-on documentation to figure out the best way to do this. Will update this issue when I have more progress.

mfc commented 5 years ago

okay thanks for digging into it. yes i think for 60.x we will just use the existing legacy extension.

liliakai commented 5 years ago

Update: Target release for the API we need is "hopefully 65", which would be late January.

mfc commented 5 years ago

FYI linking these two issues: https://github.com/CiviCERT/suspicious-email-submitter-thunderbird/issues/8

liliakai commented 5 years ago

Also linking to https://bugzilla.mozilla.org/show_bug.cgi?id=1499617 which tracks the mailTabs api for web extensions. We'll need this to determine what message(s) the user has selected for upload.

mfc commented 5 years ago

FYI looks like these issues are (potentially) resolved in TB 66

liliakai commented 5 years ago

We're so close! The messages API has landed, but we currently can only retrieve messages in a parsed object format rather than as a raw .eml (ala the "view source" option), like we get with chrome/ff.

I've opened https://bugzilla.mozilla.org/show_bug.cgi?id=1525274 to request a modification to the API, but if it isn't prioritized shortly, we have to either:

mfc commented 5 years ago

thanks for the report back and filing that ticket - let's first see how they respond

liliakai commented 5 years ago

Seeing some spurious activity on that bugzilla ticket that I opened. It was added as a blocker on this broader ticket tracking WebExtension support in general: https://bugzilla.mozilla.org/show_bug.cgi?id=1396172. So, that seems like a sign that it's going to get implemented! Don't know when though.

mfc commented 5 years ago

great, thanks for the update, and glad to see a response on the ticket. yeah doesn't sound like a super-soon implementation...

liliakai commented 4 years ago

We now have a code patch and a target milestone of Thunderbird 72.0 for a getRaw function in the messages API, which means it could land in Thunderbird Beta as soon as next month.

liliakai commented 4 years ago

Just did a successful test in Thunderbird Beta!

I was able to view the raw message source and submit a report to MISP from the default 3-pane Thunderbird view. However, it's not yet working from the view of a single message in a new tab, though I'm hopeful that that should just take a little debugging.

Also, WebExtensions are only installable from Tools > Developer Tools > Debug Add-ons, and not from the regular Tools > Add-ons manager, although they do appear under the Add-ons manager after installation.

liliakai commented 4 years ago

After some experimenting and digging through the docs I figured out the correct incantations for summoning the raw message source on both 3-pane and single-message tabs in thunderbird! The thunderbird branch contains the now fully-functional result!
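
An added example, not part of the thread and not the code on the thunderbird branch: one way to combine the APIs discussed above to get raw message source from both a 3-pane tab and a single-message tab. It assumes Thunderbird's `mailTabs.getSelectedMessages`, `messageDisplay.getDisplayedMessage`, `messages.continueList` and `messages.getRaw` (with the `messagesRead` permission); `getRawMessagesForTab` and `makeStubApi` are hypothetical names, and the stub data is constructed.

```javascript
// Added example, not the extension's own code. `api` is Thunderbird's
// WebExtension `browser` object, passed in so the logic can also be
// exercised outside Thunderbird with a stub.
async function getRawMessagesForTab(api, tab) {
  const headers = [];
  if (tab.mailTab) {
    // 3-pane view: the user may have selected several messages.
    let page = await api.mailTabs.getSelectedMessages(tab.id);
    headers.push(...page.messages);
    // Long selections are paginated; follow the list id until exhausted.
    while (page.id) {
      page = await api.messages.continueList(page.id);
      headers.push(...page.messages);
    }
  } else {
    // Single-message tab: there is no selection, only the message being
    // displayed (null when the tab shows something other than a message).
    const shown = await api.messageDisplay.getDisplayedMessage(tab.id);
    if (shown) headers.push(shown);
  }
  const reports = [];
  for (const h of headers) {
    // getRaw returns the unparsed source, equivalent to "view source",
    // so headers such as Received and Authentication-Results survive.
    const raw = await api.messages.getRaw(h.id);
    reports.push({ id: h.id, subject: h.subject, raw });
  }
  return reports;
}

// Constructed stub standing in for `browser` so the function runs under Node.
function makeStubApi() {
  const raw = {
    1: "Subject: a\r\n\r\none",
    2: "Subject: b\r\n\r\ntwo",
    3: "Subject: c\r\n\r\nthree",
  };
  const hdr = (id) => ({ id, subject: "msg " + id });
  return {
    mailTabs: { getSelectedMessages: async () => ({ id: "p2", messages: [hdr(1)] }) },
    messages: {
      continueList: async () => ({ id: null, messages: [hdr(2)] }),
      getRaw: async (id) => raw[id],
    },
    messageDisplay: { getDisplayedMessage: async () => hdr(3) },
  };
}
```

In the extension itself this would be called with `browser` and the active tab from `browser.tabs.query({ active: true, currentWindow: true })`.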