Run rule engine in all frames#4
Merged
Merged
Conversation
Enable `all_frames: true` (with `match_origin_as_fallback`) so the rule engine runs in every same-origin and covered cross-origin iframe — not just the top document. Rules whose targets are page-wide (footer, cookie banner, newsletter modal, chat widget, search-URL recipe, LLM classifier) opt into a new `topFrameOnly` flag so they don't fire pointlessly in subframes. The options badge is also gated to the top frame so users don't get one per iframe. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
This was referenced Jun 7, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
all_frames: truein the content script manifest (withmatch_origin_as_fallbacksoabout:blank/about:srcdociframes are covered) so PII/secrets masking, prompt-injection hiding, ads-hide, hidden-text-strip, comments/reviews hiding, and the rest of the rule catalog actually reach content that lives inside iframes (Disqus, Trustpilot, AdSense, third-party comment widgets, etc.).topFrameOnlyopt-in on theRuletype — set on the rules whose targets are inherently page-wide so they don't fire pointlessly in every subframe:footer-hide,cookie-banner-hide,newsletter-modal-hide,chat-widget-hide,search-url-helper,irrelevant-sections-hide.lib/frame.tsis the single source of truth for "are we the top frame", with a defensivetry/catcharound the cross-originwindow.topaccess.lib/__tests__/rule-engine.test.ts) covers the three frame-gating branches (top-frame + frame-agnostic rule applied, top-only rule skipped in subframes, unavailable rule never applied).Notes
<all_urls>inmatchesalready covers every origin the script needs to inject into.ads-hidedeliberately runs in subframes too — many ad networks render the actual ad content inside their iframe, so the EasyList stylesheet needs to be present in each frame. Per-frame stylesheet cost (~600KB CSS text per frame) is a known tradeoff worth a follow-up perf pass.Test plan
bun run check(biome) — passes (one pre-existing unrelated warning inOptions.tsx, untouched)bun run test— 385/385 pass, including the 3 new frame-gating testsbunx tsc --noEmit— cleanbun run build— producesdist/manifest.jsonwithall_frames: trueandmatch_origin_as_fallback: truecomments-hide/reviews-hideplaceholders appear inside the iframe and that only one options badge renders on the top framecookie-banner-hide/newsletter-modal-hidestill fire normally on the top frame and do not log anything inside subframes🤖 Generated with Claude Code