Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

MetaMask May Break Sites #13711

Closed
jonathansampson opened this issue Apr 3, 2018 · 7 comments
Closed

MetaMask May Break Sites #13711

jonathansampson opened this issue Apr 3, 2018 · 7 comments
Labels
bug feature/extensions webcompat

Comments

@jonathansampson
Copy link
Collaborator

jonathansampson commented Apr 3, 2018
edited

Description

Enabling MetaMask may cause web compatibility issues with some websites. MetaMask performs a script-injection into the visited document, which may cause issues. One example of this is with the vote.webbyawards.com website.

image

When MetaMask is disabled, the angular application works as expected.

Steps to Reproduce

  1. Enable MetaMask (no need to authenticate or unlock the extension)
  2. Navigate to vote.webbyawards.com

Actual result:
Note presence of template strings.

Expected result:
Website should work as intended.

Reproduces how often:
100%

Brave Version

0.22.13

about:brave info:

Brave: 0.22.13 
V8: 6.5.254.41 
rev: a8cfb160479f1d00d0769368eb440030182bb83b 
Muon: 5.1.2 
OS Release: 10.0.16299 
Update Channel: Release 
OS Architecture: x64 
OS Platform: Microsoft Windows 
Node.js: 7.9.0 
Brave Sync: v1.4.2 
libchromiumcontent: 65.0.3325.181

Reproducible on current live release:
Yes

Additional Information

MetaMask injects a script tag directly into the root element, via its manifest.json:

   "content_scripts": [ {
      "all_frames": true,
      "js": [ "scripts/contentscript.js" ],
      "matches": [ "file://*/*", "http://*/*", "https://*/*" ],
      "run_at": "document_start"
   } ],

Worth noting that the WebExtension API determines the placement of the script when using run_at. In the case of document_start, the script in added immediately within the rootElement.

Switching run_at to document_end resolves this problem, though it may not be a feasible solution for the MetaMask team, depending on what scripts/contentscript.js does.
@jonathansampson
Copy link
Collaborator Author

cc @danfinlay

@jonathansampson
Copy link
Collaborator Author

jonathansampson commented Apr 9, 2018
edited

Testing this today, I am unable to repro on the Webby Awards website.

@danfinlay
Copy link

Sorry for slow reply on your issue, I had the flu when this was submitted :/

We tracked with this issue:
MetaMask/metamask-extension#3382

The ability to block sites we interfere with is here:
MetaMask/metamask-extension#3590

And you can see we stopped injecting web3 for webby awards here:
https://github.com/MetaMask/metamask-extension/blob/master/app/scripts/contentscript.js#L137

This is just a short-term solution, long term we are going to not inject web3 on pages by default, instead requiring sites to explicitly request a sign-in:
MetaMask/metamask-extension#714

@danfinlay
Copy link

(This should be fixed now)

@m-alikhizar
Copy link

m-alikhizar commented May 13, 2018
edited

Still same thing is happening in my scenario too. I've a Angular 4 application running on localhost.

If i enable MetaMask chrome extension it doesn't let angular list any thing in view. Since things do work normal if i disable MetaMask ext.

m-alikhizar pushed a commit to m-alikhizar/octane-sunu that referenced this issue May 14, 2018
Fix: brave/browser-laptop#13711
06449d6
@danfinlay
Copy link

@Khizar-Ali please post a reproduction site if possible, so that we can debug how exactly we may be breaking that site.

@bsclifton
Copy link
Member

I don't think there's any specific action we can take, so I'm going to close this issue. For any future webcompat incidents, let's open issues here:
https://github.com/MetaMask/metamask-extension/issues

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug feature/extensions webcompat
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@danfinlay @jonathansampson @bsclifton @m-alikhizar