• Skip to main content
  • Select language
  • Skip to search
MDN Web Docs
  • Technologies
    • HTML
    • CSS
    • JavaScript
    • Graphics
    • HTTP
    • APIs / DOM
    • WebExtensions
    • MathML
  • References & Guides
    • Learn web development
    • Tutorials
    • References
    • Developer Guides
    • Accessibility
    • Game development
    • ...more docs
Add-ons
  1. MDN
  2. Mozilla
  3. Add-ons
  4. Browser extensions
  5. Anatomy of an extension

Anatomy of an extension

In This Article
  1. manifest.json
  2. Background scripts
    1. Specifying background scripts
    2. Background script environment
      1. DOM APIs
      2. WebExtension APIs
      3. Cross-origin access
      4. Browser actions
      5. Web content
      6. Content security policy
  3. Content scripts
  4. Web accessible resources

An extension consists of a collection of files, packaged for distribution and installation. In this article, we will quickly go through the files that might be present in an extension.

Every extension must contain a file called "manifest.json". This manifest can contain pointers to several other types of files:

  • Background pages: Implement long-running logic.
  • Content scripts: Interact with web pages (note this is not the same as JavaScript in a <script> element within a page).
  • Browser action files: Add buttons to the toolbar.
  • Page action files: Add buttons to the address bar.
  • Options pages: Define a UI for users to view and change your extension's settings.
  • Sidebar files: add a sidebar to the browser.
  • Web-accessible resources: Make packaged content accessible to web pages and content scripts.

manifest.json

This is the only file that must be present in every extension. It contains basic metadata such as its name, version and the permissions it requires. It also provides pointers to other files in the extension.

See the manifest.json reference page for all the details.

Background scripts

Extensions often need to maintain long-term state or perform long-term operations independently of the lifetime of any particular web page or browser window. That is what background scripts are for.

Background scripts are loaded as soon as the extension is loaded and stay loaded until the extension is disabled or uninstalled. You can use any of the WebExtension APIs in the script, as long as you have requested the necessary permissions.

Specifying background scripts

You can include a background script using the background key in "manifest.json":

// manifest.json
"background": {
  "scripts": ["background-script.js"]
}

You can specify multiple background scripts: if you do, they run in the same context, just like multiple scripts that are loaded into a single web page.

Background script environment

DOM APIs

Background scripts run in the context of special pages called background pages. This gives them a window global, along with all the standard DOM APIs that provides.

You do not have to supply your background page. If you include a background script, an empty background page will be created for you.

However, you can choose to supply your background page as a separate HTML file:

// manifest.json
"background": {
  "page": "background-page.html"
}

WebExtension APIs

Background scripts can use any of the WebExtension APIs in the script, as long as their extension has the necessary permissions.

Cross-origin access

Background scripts can make XHR requests to any hosts for which they have host permissions.

Browser actions

If your extension defines a browser action and that browser action does not have a popup, then you can listen to click events on the browser action's button using the browserAction's onClicked object:

browser.browserAction.onClicked.addListener(handleClick);

Web content

Background scripts do not get direct access to web pages. However, they can load content scripts into web pages and can communicate with these content scripts using a message-passing API.

Content security policy

Background scripts are restricted from certain potentially dangerous operations, like the use of eval(), through a Content Security Policy. See Content Security Policy for more details on this.

Content scripts

Use content scripts to access and manipulate web pages. Content scripts are loaded into web pages and run in the context of that particular page.

Content scripts are extension-provided scripts which run in the context of a web page; this differs from scripts which are loaded by the page itself, including those which are provided in <script> elements within the page.

Content scripts can see and manipulate the page's DOM, just like normal scripts loaded by the page.

Unlike normal page scripts, they can:

  • Make cross-domain XHR requests.
  • Use a small subset of the WebExtension APIs.
  • Exchange messages with their background scripts and can in this way indirectly access all the WebExtension APIs.

Content scripts cannot directly access normal page scripts but can exchange messages with them using the standard window.postMessage() API.

Usually, when we talk about content scripts, we are referring to JavaScript, but you can inject CSS into web pages using the same mechanism.

See the content scripts article to learn more.

Web accessible resources

Web accessible resources are resources such as images, HTML, CSS, and JavaScript that you include in the extension and want to make accessible to content scripts and page scripts. Resources which are made web-accessible can be referenced by page scripts and content scripts using a special URI scheme.

For example, if a content script wants to insert some images into web pages, you could include them in the extension and make them web accessible. Then the content script could create and append img tags which reference the images via the src attribute.

To learn more, see the documentation for the web_accessible_resources manifest.json key.

 

 

Document Tags and Contributors

Tags: 
  • WebExtensions
 Contributors to this page: wbamberg, John-Nagle, andrewtruongmoz, rolfedh, jeremy-french, Didglee, Sheppy, DineshMv, hashedhyphen, PushpitaPikuDey, dirty-bit, ccarruitero
 Last updated by: wbamberg, Jul 19, 2017, 9:33:51 AM
See also
  1. Browser extensions
  2. Getting started
    1. What are extensions?
    2. Your first extension
    3. Your second extension
    4. Anatomy of an extension
    5. Example extensions
  3. How to
    1. Intercept HTTP requests
    2. Modify a web page
    3. Add a button to the toolbar
    4. Implement a settings page
  4. User interface
    1. Introduction
    2. Toolbar button
    3. Address bar button
    4. Sidebar
    5. Context menu items
    6. Options page
    7. Bundled web pages
    8. Notifications
    9. Address bar suggestions
    10. Developer tools panels
  5. Concepts
    1. Using the JavaScript APIs
    2. Content scripts
    3. Match patterns
    4. Internationalization
    5. Content Security Policy
    6. Native messaging
  6. Porting
    1. Porting a Google Chrome extension
    2. Porting a legacy Firefox extension
    3. Embedded WebExtensions
    4. Comparison with the Add-on SDK
    5. Comparison with XUL/XPCOM extensions
    6. Chrome incompatibilities
    7. Differences between desktop and Android
  7. Firefox workflow
    1. Temporary Installation in Firefox
    2. Debugging
    3. Developing for Firefox for Android
    4. Getting started with web-ext
    5. web-ext command reference
    6. Extensions and the Add-on ID
    7. Publishing your extension
  8. JavaScript APIs
    1. Browser support for JavaScript APIs
    2. alarms
    3. bookmarks
    4. browserAction
    5. browsingData
    6. commands
    7. contextMenus
    8. contextualIdentities
    9. cookies
    10. devtools.inspectedWindow
    11. devtools.network
    12. devtools.panels
    13. downloads
    14. events
    15. extension
    16. extensionTypes
    17. history
    18. i18n
    19. identity
    20. idle
    21. management
    22. notifications
    23. omnibox
    24. pageAction
    25. permissions
    26. privacy
    27. proxy
    28. runtime
    29. sessions
    30. sidebarAction
    31. storage
    32. tabs
    33. topSites
    34. types
    35. webNavigation
    36. webRequest
    37. windows
  9. Manifest keys
    1. applications
    2. author
    3. background
    4. browser_action
    5. chrome_settings_overrides
    6. chrome_url_overrides
    7. commands
    8. content_scripts
    9. content_security_policy
    10. default_locale
    11. description
    12. developer
    13. devtools_page
    14. homepage_url
    15. icons
    16. incognito
    17. manifest_version
    18. name
    19. omnibox
    20. optional_permissions
    21. options_ui
    22. page_action
    23. permissions
    24. protocol_handlers
    25. short_name
    26. sidebar_action
    27. version
    28. web_accessible_resources
  10. Themes
  11. Publishing add-ons
  12. Guides
    1. Signing and distribution overview
    2. Submit an add-on
    3. Creating an appealing listing
    4. Review policies
    5. Developer agreement
    6. Featured add-ons
    7. Contact addons.mozilla.org
  13. Community and support
  14. Channels
    1. Add-ons blog
    2. Add-on forums
    3. Stack Overflow
    4. Development newsgroup
    5. IRC Channel
  15. Legacy add-ons
  16. Legacy technologies
    1. Add-on SDK
    2. Legacy Firefox for Android
    3. Bootstrapped extensions
    4. Overlay extensions