[RFC] Content Script UI on click with activeTab permission only

[jeroenbernaerts]

How do you envision this feature/change to look/work like?

Instead of providing match URLs in PlasmoCSConfig, allow a UI (ex. react component) to be mounted when the extension icon is clicked, on thus activeTab permission is acquired; https://developer.chrome.com/docs/extensions/get-started/tutorial/scripts-activetab#active-tab

What is the purpose of this change/feature? Why?

By using the URL match approach, a warning is triggered when installing the extension (see example). It is encouraged to use activeTab permissions. The content script will always be injected on the matching URLs, some extensions might only need to inject scripts on (extension icon) click action.

(OPTIONAL) Example implementations

Option to leave matches key empty in CS(UI) (or not use PlasmoCSConfig at all)

export const config: PlasmoCSConfig = {
  matches: []
};

Trigger the UI injection from background service worker

chrome.action.onClicked.addListener(async (tab) => {
    // Any code before injection (check URL, ...)
    // Invoke UI injection of some Plasmo CSUI
}

(OPTIONAL) Contribution

• [ ] I would like to contribute to this RFC via a PR

Verify canary release

• [X] I verified that the issue exists in plasmo canary release

Code of Conduct

• [X] I agree to follow this project's Code of Conduct
• [X] I checked the current issues for duplicate problems.

[deavial]

wouldn’t that require scripts permission? because the declaration would not exist in the manifest, i believe you would now have to inject via scripts which adds a whole new warning to users on install. activeTab only gives the background worker permission to read the url, icon, and title of the page. or at least this is my understanding of how V3 works.

anyone else have a take on this?

[jeroenbernaerts]

wouldn’t that require scripts permission? because the declaration would not exist in the manifest, i believe you would now have to inject via scripts which adds a whole new warning to users on install. activeTab only gives the background worker permission to read the url, icon, and title of the page. or at least this is my understanding of how V3 works.

anyone else have a take on this?

It does require "scripting" permission but that does not trigger a warning. See the list of permissions and their warnings: https://developer.chrome.com/docs/extensions/reference/permissions-list

If you combine that permission with "activeTab", you can inject a content script (UI) in tab where the user has activated the extension (ex. by clicking on the extension icon)

see: https://developer.chrome.com/docs/extensions/reference/api/scripting#manifest

(This feature would also enable you to use optional permissions and inject the script only after the optional permission is prompted and accepted.)

[mrvdot]

Is there a suggested "workaround" way to achieve this? I need to run my script only when the icon has been clicked

[rezamajidi]

I also have the same problem and want to inject content script by user action. Any possible workaround?

[shafkathullah]

very in need of this feature, turns out other extension frameworks lacks this too like in wxt

[glokta1]

Same here. Was really pleased with Plasmo until I hit this snag :/

[shafkathullah]

very in need of this feature, turns out other extension frameworks lacks this too like in wxt

By the way I was able to solve this use case using WXT, with its authors support. basically inject script using service-worker and add styles via web accessible resources, all while preventing from style leakage with shadowroot.