
FAQ: Why and how does Access Assistant use the all_urls permissions?

Project Strobe

On October 15th, Google implemented a new policy around the use of web extension permissions in response to a project to restore trust in browser extensions' use of user data.  Below are some relevant links to that project.

In response to this policy change, Level Access reviewed our usage of the all_urls permission in Access Assistant (AST) and our other extensions. Our usage does fall into acceptable use per Google's policy, but did require us to add documentation about our use:

  • We now disclose our use of the permission in the Chrome Store.
  • We reviewed our existing Privacy Policy and added a link directly to it within the AST interface.
  • The deployment of AST will be to a limited group of people trained on its usage.
  • The all_urls permission grants access to more data, but that data is only read when the user takes action, i.e. by running an accessibility test. That data is also only sent back to our servers upon user action.

Since the policy went into effect, we have submitted AST for review and undergone a manual compliance review by Google. AST was deemed to be in compliance and was published to the Chrome Store.

This document describes AST's usage of the all_urls permission and describes the impact on AST user experience should this usage be removed. 

What are the available, relevant permission options?

activeTab

The activeTab permission grants an extension temporary access to the currently-active tab when the user invokes the extension. If the extension is compromised, the attacker would need to wait for the user to invoke the extension before obtaining access, and that access would only last until the tab is navigated or closed.

While the activeTab permission is enabled for a tab, an extension can:

  • Call executeScript or tabs.insertCSS on that tab.
  • Get the URL, title, and favicon for that tab via an API that returns a Tab object.
  • Intercept network requests in the tab to the tab's main frame origin using the webRequest API. The extension temporarily gets host permissions for the tab's main frame origin.

(ref: https://developer.chrome.com/extensions/permission_warnings)

all_urls

Grants an extension the same access as activeTab but across all open tabs in the browser. 
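
The difference between the two options can be checked directly in an extension's manifest.json, where the permission is written as the match pattern `<all_urls>`. The following is an added example, not Level Access or Google code: it classifies a manifest as requesting on-invoke access (activeTab), persistent access to listed hosts, or persistent access to all sites. The function name auditManifest and the sample manifests are constructed for illustration.

```javascript
// Added example: classify how broadly a manifest.json requests page access.
// The sample manifests below are constructed, not taken from any real extension.
const BROAD = new Set(['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*']);

// Host access is requested with match patterns ("<all_urls>" or scheme://host/path);
// API permissions such as "activeTab" or "storage" never contain "://".
const isHostPattern = (p) => p === '<all_urls>' || p.includes('://');

function auditManifest(m) {
  // Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
  const required = [...(m.permissions || []), ...(m.host_permissions || [])];
  const optional = [...(m.optional_permissions || []),
                    ...(m.optional_host_permissions || [])];
  const scripts = m.content_scripts || [];
  // Statically declared content scripts also run without any user gesture.
  const hosts = [...new Set([...required.filter(isHostPattern),
                             ...scripts.flatMap((cs) => cs.matches || [])])];
  const activeTab = required.includes('activeTab');

  let access = 'none';
  if (hosts.some((p) => BROAD.has(p))) access = 'all-sites-persistent';
  else if (hosts.length > 0) access = 'listed-hosts-persistent';
  else if (activeTab) access = 'active-tab-on-invoke';

  return {
    access,
    activeTab,
    hosts,
    // Optional patterns are granted only if the user agrees at runtime.
    broadOptional: optional.some((p) => BROAD.has(p)),
    injectsIntoFrames: scripts.some((cs) => cs.all_frames === true),
  };
}

const samples = {
  allUrls: { manifest_version: 2, permissions: ['tabs', '<all_urls>'] },
  activeTabOnly: { manifest_version: 2, permissions: ['activeTab', 'storage'] },
  scoped: {
    manifest_version: 3,
    permissions: ['scripting'],
    host_permissions: ['https://app.example.com/*'],
    content_scripts: [{ matches: ['https://app.example.com/*'], js: ['cs.js'], all_frames: true }],
  },
};

for (const [name, manifest] of Object.entries(samples)) {
  console.log(name, JSON.stringify(auditManifest(manifest)));
}
```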

What functionality leverages the all_urls permission?

Seamless testing across pages

AST allows users to seamlessly navigate between tabs, windows, and popup windows while maintaining a connection to the currently-active tab. This allows users to run accessibility tests on any screen without relaunching AST.

Tab switching

Many users test assets based on a script, enter defects into bug tracking systems, or track notes as they complete their work. This is often accomplished by having multiple tabs/windows open during a test: the page being tested, a SharePoint document of the test script, a Jira window to track defects, etc.

Testing of cross-domain iframe content

Sites often pull in content from other domains using embedded iframes. Social media feeds and corporate blogs are just a couple of examples.

How would switching to activeTab affect AST?

Seamless testing across pages

activeTab would limit users to testing a single page on the active tab at the time AST was launched. Navigating or closing the tab would sever the connection to AST.

Impact: AST would need to be relaunched for every single page tested.

A use case would be testing a sample of 25 pages for a site. Every time you go to the next page in your list, you will need to relaunch AST, re-navigate back to the report, and capture the module to run the automatic tests. Repeat this for every page to be tested. If you are doing any manual testing, you would have to repeat this again for every page when you go back to do manual testing, unless you complete all testing of every page before moving to the next one. This dramatically increases the workload to do even basic testing.

Tab switching

Any time a user navigates to another tab, the activeTab connection to AST is severed.  To resume testing after navigating back to the page being tested, users would be required to relaunch AST. This behavior was observed in our preliminary investigation of using activeTab.

Impact: Users would only be able to use their browser for the single purpose of testing a page.

You are testing a page and evaluating the instances that are flagged for review by AST. In another tab, you have the W3C WCAG 2.0 specification open as a reference. Whenever you need to check the reference to better understand one of the flagged instances, you will lose your connection, forcing you to close AST, relaunch it, navigate back to the report, find the module associated with the page, and find the instance you were evaluating in order to pass or fail it.

Testing of cross-domain iframe content

The all_urls permission grants AST access to all domains, while activeTab would restrict it to the domain of the active tab when AST was launched.

Impact: activeTab would prevent testing of any iframe content not on that same domain.

A loan calculator is used on multiple sections of the site, and it is hosted on a different domain than the rest of the site. This calculator is loaded in an iframe on each page where it is used. AST will be unable to capture the iframe to test the accessibility of that loan calculator.

 


Level Access Support
www.levelaccess.com | 800.889.9659
© 2005 - 2018 - Level Access All rights reserved.