When the user clicks the "Open in a new tab" button, the extension's internal `player.html` page opens, with a URL parameter `?url=[the SWF URL]`. Right now, this URL parameter is not properly encoded. This causes a problem when we get to https://github.com/ruffle-rs/ruffle/blob/master/web/packages/extension/src/player.ts#L14:
> `const swfUrl = url.searchParams.get("url");`
Because the value "url" parameter was not properly encoded, any `&` character in the SWF URL would be interpreted as the start of a *new* parameter, instead of being part of the actual SWF URL. So anything after the first `&` symbol in the SWF URL would be chopped off.
On Itch.io Flash pages such as https://rarykos.itch.io/hug-me-im-cold, the SWF URL contains several important parameters - if they are not included, the server returns 403 Forbidden (it's a type of hotlinking protection). So when the user clicked the "Open in a new tab" button on Itch.io pages, the SWF would refuse to load in the player.
This PR fixes the problem - Itch.io SWFs load when opened in a new tab after my change is applied.
YAML is shorter, more modern, readable, and flexible than JSON.
In other words, YAML >>> JSON.
Auto-converted using [`yq`](https://github.com/kislyuk/yq).
`unsafe-eval` was needed in the extension Content Security
Policy to Wasm compilation in Chrome.
This CSP setting causes the extension to get flagged in the
Mozilla Add-On Marketplace, which discourages the use of
`unsafe-eval`.
However, Chrome has a `wasm-eval` CSP setting which also allows
extensions to compile Wasm without requiring `unsafe-eval`.
Inject this into the extension manifest when building the Chrome
extension.
Eventually this may change to `wasm-unsafe-eval` as drafted by
the CSP spec and be required by all browsers.
Previously the popup page fetched only the `ruffleEnable` and `ruffleOptout`
options because only those appear in `popup.html`. So the remaining
options were always returned with their default value, making the popup
page think that all tabs need to be reloaded when these options have a
non-default value.
Remove the `keys` parameter of `getOptions`, and instead make it always
return all options. Adapt all usages of `getOptions`, which got simplified
by this change.
In some cases, extension API abstraction objects can be assigned directly
with the equivalent extension API namespace. This reduces much trivial
code that just duplicates all the needed functions.
Also, extract `promisifyStorageArea` to share duplicate code between
the conversions of `chrome.storage.local` and `chrome.storage.sync`
(though `local` is not currently used).
This disallows passing non-existent options:
```ts
utils.getOptions(["doesNotExist"]); // error
```
And also disallows using options that were not requested:
```ts
const options = utils.getOptions(["ruffleEnable"]);
options.ignoreOptout; // error
```
This has few advantages:
* `Map` is more performant, and its keys cannot clash with builtin
JavaScript properties (e.g. `toString`).
* TypeScript has better type information about `map.keys()`, whereas
`Object.keys()` always return `string[]`.
Also, move `camelize` inside `getBooleanElements`, as it's only used
there, and unify the 2 `for` loops in `bindBooleanOptions` (iterating
`options` is wrong because it might contain options that doesn't exist
in the page).
This serves 2 goals:
1. Wait for the script to be injected (when the promise is resolved),
so future `sendMessageToPage` won't happen before the script can
respond.
2. Detect errors in the script injection (when the promise is
rejected).
Use wasm-bindgen's built-in loader instead of relying on Webpack.
In order to still respect the `publicPath` config, set
`__webpack_public_path__` just before fetching the WebAssembly module.
This allows to no longer declare `.wasm` files as resource assets in
each `webpack.config.js`.
This simplifies the `publicPath` function and makes it useable inside
`fetchRuffle`.
Assuming `publicPaths` isn't used anywhere, this shouldn't be harmless.
In direct SWF mode, paths used to be resolved relative to the
extension URL, which is invalid. Change it to be relative to the
SWF location, using the `base` option.
Firefox doesn't know the manifest "version_name" key, so it shows
a warning when loading the extension.
So define "version_name" only for the "generic" variant, along with
a nearby cleanup of using a regular property assignment instead of
`Object.assign`.