search

duckduckgo / duckduckgo-privacy-extension

DuckDuckGo Privacy Essentials browser extension for Firefox, Chrome.
https://duckduckgo.com/app
Apache License 2.0
1.27k stars 247 forks source link

Uncaught DOMException: CSSStyleSheet.cssRules getter: Not allowed to access cross-origin stylesheet #2798

Open eyaler opened 2 weeks ago

eyaler commented 2 weeks ago

Steps to Reproduce

  1. go to https://web.archive.org/web/20240529185621/https://oulipoh.com/resen/
  2. click one of the tags in the header
  3. observe the exception in the console
  4. remove the extension and observe there is no exception

Expected behavior: extension should not break websites or require them to take special preventive measures. as a last resort extension should try to signal that it is the cause of the breakage

Actual behavior: duckduckgo extension injects css as a data: string to the html head. this has several unexpected consequences:

  1. pages relying on the last stylesheet in the head to be a something specific will retrieve an unexpected stylesheet
  2. pages using CSSStyleSheet.cssRules will hit the exception: Uncaught DOMException: CSSStyleSheet.cssRules getter: Not allowed to access cross-origin stylesheet

Versions Firefox 132 + duckduckgo 2024.10.16 on windows