Meet Remote Tab Opener Copilot

Changelog

v7.10.1   Remote Tab Opener — 2025-10-31

MV3-ready, stronger relays, on-demand “controlled” banner, and first-class Focus.

Added

  • focus handler (new): brings the targeted tab to the foreground and re-broadcasts a tabStatus.
  • Unique tabKey mapping: non-destructive reassignment (the old tab remains open but loses its key).
  • “Raw types” admin bridge: accepts direct domType, domClick, focus... normalized on the content side.
  • Demo protocols & helpers: strict RTO_REQUEST/RTO_RESPONSE detection, listTabs/tabStatus, and window.RTO utilities (read mutex, Google/YouTube aliases).

Changed

  • tabStatus now always includes tabKey (attach/detach, close, unregister).
  • getHtml patched: property-aware immediate response with truncation (~5,000 chars) and preserved requestId.
  • Allowlist normalization: merges allowedDomains + legacy inheritance; de-duplicates and supports “apex” wildcards.

Fixes & Resilience

  • Robust relays: background timeout now triggers automatic content.js reinjection (all frames), then retry.
  • Per-host queue: suspended actions resume after ALLOWLIST_ADD (apex/wildcard management).

Security & UX

  • HTTPS-only, no file:/javascript:; LAN/localhost restricted by dedicated flags.
  • Sensitive-field reads blocked + sanitized outerHTML (remove value, add data-redacted).
  • “Controlled by RTO” banner available on demand only; can be minimized into a movable pill, with position persisted via window.name and mirrored to background; ALLOWLIST_NEEDED toasts.

Demos & Examples

  • Google → YouTube flow: open/read the first result, then smart navigation to YouTube (main or “extras” tab).
  • Remote form (DTI): focus/type, selectSetValue, highlight, submit, and sequential reads via a mutexed getHtml.

Upgrade Notes

  • Replace background_core.js, content.js, content_master.js (no data migration).
  • Event consumers should wait for tabStatus with an existing tabKey.
  • Public documentation remains compatible (v7.9.3); the new focus action and “raw types” bridge integrate without breaking changes.

v7.9.3   Remote Tab Opener — 2025-10-25

Admin demo flow finalized (Steps 1–10), UX/state sync refined, and internal consistency with background/content preserved.

Added (demonstration improvements for the full working E2E demo page)

  • Step 10 — Close tab: explicit close action; UI auto-scrolls back to Step 1 and resets states.
  • Live section toggle: #demo_open hides/shows based on tab open state.
  • Source-code accordion (optional, docs): quick links to per-step scripts with explanations.

Changed

  • Button states: Step 1 primary button reflects lifecycle (Open → Opened → Refreshed → Closed) with colors, and re-enables after actions.
  • Router pattern: actions bound via data-action, each step isolated in its own file (e.g., demo_lorem_open.js, demo_lorem_submit.js).
  • Reads & alerts: Steps 5–9 show compact alert() summaries (name/note, results, password-read blocked message, etc.).

Fixed

  • Checkbox/radio mirroring (Step 7): copy exact state instead of toggling; buttons no longer remain disabled after completion.
  • Submit + focus (Step 8): ensures form submission triggers and remote tab gets focus.
  • Open-state on reload: on admin page reload, Step 1 button reflects current remote tab status.

Docs & Demo

  • Clarified scope/safety in “What does E2E mean with RTO?” block.
  • Consolidated examples: allowlist (Step 1b) and favorites (Step 1c) fully wired (add/check/show/remove).
  • Deprecated admin.js in favor of demo_master.js + per-step scripts.

v7.9.2   Remote Tab Opener — 2025-10-21

Reliability & UX safety pass: single controlled tab, robust allowlist handling, visible control banner, and new safe style actions.

Added

  • Control banner (controlled tabs only): persistent thin orange banner at the very top, with a blinking red dot and a dismiss action that minimizes it to a top-right chip. Survives open, navigate, and in-tab browsing. Cannot be hidden/overridden by page CSS/JS.
  • New safe actions in content.js:
    • domSetStyle — whitelisted CSS properties applied with !important (plus a robust fallback).
    • highlight — temporary halo (outline + soft background + box-shadow) with customizable color/duration.
    • selectSetValue — safely changes <select> value and dispatches input/change.
  • Admin bridge normalization: accepts {type:"command" | "RTO_COMMAND"} and common aliases (domClick → click, domType → setValue, etc.).
  • Read pipeline: getHtml now posts a unified getHtmlResult message (outerHTML / innerHTML / textContent / innerText / value) with sensitive-field protection.
  • Maintenance hook: injectContentScript message to re-inject the content script on an existing controlled tab.

Changed

  • Allowlist semantics: storage entries now support canonical https origins by default (e.g., https://example.org) while wildcards (e.g., *.example.*) stay host-based. Background consistently normalizes and checks against origins/hosts.
  • Master/controlled tab policy: the background will never “steal” the master tab. If the controlled tab equals the master, open automatically forces newTab:true.
  • Adoption rules: on tab activation, adopt only when no controlled tab exists and the host is allowed (prevents unintended control switches).
  • Banner UX: minimized state placed top-right (to avoid overlapping hamburger menus); slim height; orange gradient restored.

Fixed

  • Single controlled tab: repeated open calls re-use the existing controlled tab when alive (unless newTab:true is set).
  • “Domain not allowed” prompt targeting: prompt appears only on non-allowed controlled tabs (no prompt on the admin/master page or already-allowed domains).
  • Style actions visibility: specificity ensured via style.setProperty(..., "important") plus safe fallback, improving reliability on heavy CSS sites.
  • getHtml property reads: returns the requested property (no unintended outerHTML for form fields). Timeouts mitigated by observeElement and injectContentScript re-injection path.
  • Bridge echo: messages from the admin page are no longer echoed back as admin-origin, preventing handler confusion during reads.

Security & Privacy

  • HTTPS-only; still blocks file://, javascript:, and LAN ranges.
  • Sensitive field protection unchanged (password/hidden/credit-card/IBAN/SSN patterns).
  • Legacy runJs path remains extension-side only; page messages are limited to the safe action set.
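
The HTTPS-only rule and the allowlist semantics described in this release (canonical https origins, host-based wildcards), as an added sketch that is not the extension's own code. The names checkUrl, entryMatches, isLocalOrLan, the reason strings, and the choice that "*" matches exactly one DNS label are assumptions made for illustration.

```javascript
// Added example, not code from Remote Tab Opener. All names are hypothetical.

// Escape regex metacharacters so "." in a stored host stays a literal dot.
function escapeRe(s) { return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"); }

// Loopback, RFC 1918, link-local and IPv6 local ranges. The WHATWG URL parser
// has already normalized odd IPv4 spellings (hex, short forms) at this point.
function isLocalOrLan(host) {
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  if (host.startsWith("[")) return /^\[(::1\]|f[cd]|fe[89ab])/i.test(host);
  const m = host.match(/^(\d+)\.(\d+)\.\d+\.\d+$/);
  if (!m) return false;
  const a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 || (a === 169 && b === 254) ||
         (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Origin entries compare scheme+host+port; wildcard entries compare the host.
function entryMatches(entry, url) {
  if (entry.includes("*")) {
    // Assumed semantics: "*" is one label, so "*.example.*" cannot span dots.
    const re = entry.split("*").map(escapeRe).join("[^.]+");
    return new RegExp("^" + re + "$", "i").test(url.hostname);
  }
  if (/^https:\/\//i.test(entry)) {
    try { return new URL(entry).origin === url.origin; } catch { return false; }
  }
  return entry.toLowerCase() === url.hostname; // bare host entry
}

// Deny by default: every check must pass before a URL is accepted.
function checkUrl(raw, allowlist) {
  let url;
  try { url = new URL(raw); } catch { return { ok: false, reason: "invalid" }; }
  if (url.protocol !== "https:") return { ok: false, reason: "scheme" };
  if (isLocalOrLan(url.hostname)) return { ok: false, reason: "local" };
  const ok = allowlist.some((e) => entryMatches(e, url));
  return ok ? { ok: true } : { ok: false, reason: "not-allowed" };
}

// Constructed sample allowlist, using the entry shapes named in the changelog.
const SAMPLE_ALLOWLIST = ["https://example.org", "*.example.*", "duckduckgo.com"];
```

Comparing origins rather than hosts means https://example.org:8443 is not covered by the https://example.org entry, and the escaped dot keeps a host such as wwwxexample.org from matching the wildcard.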

Upgrade notes

  • After reloading the admin page, declare it again via setMasterTab then open (or adopt an allowed tab). Wait for tabStatus/tabInfo before sending commands.
  • If you don’t see the prompt on a blocked site, add it via ALLOWLIST_ADD (normalized to https by default).
  • Updated files: background_core.js, content.js, content_master.js. No data migration.

v7.9.1   Remote Tab Opener — 2025-10-19

Option 2 rollout: safe DOM actions on whitelisted sites, silent search-engine allowlist seeding, manifest fix, and UX polish.

Added

  • Safe named DOM actions bridge (no arbitrary code) via type:"command": getHtml, setValue, click, focusElement, submit. Forwarded by background only if current tab host is allowed.
  • SE_HOSTS silent seeding in content.js: pre-adds major search engines to the allowlist once (ALLOWLIST_ADD), keeping policyDefault = deny.
  • User prompt UI refined in content_master.js: host chip, validation, double-click guard, Chrome/Firefox API alias.
  • Demo UX: Google open button now two-phase success (stop blinking early; then confirm Google URL).

Changed

  • background_core.js: DEBUG_FORCE_ALLOW = false by default; host allowlist strictly enforced for named DOM actions.
  • content.js: relays command only for the approved action set; rejects anything else.
  • manifest.json: fixed duplicate keys; added content_master.js as a content script; optional webRequest/webRequestBlocking permissions for WRB (Firefox MV2).

Security & Privacy

  • HTTPS-only; blocks file://, javascript:, and LAN ranges.
  • Sensitive fields protected: never return password/hidden values; sanitized outerHTML removes value from input/textarea.
  • Allowlist gating: named DOM actions execute only on whitelisted hosts (storage or static fallback).

Compatibility

  • MV2 (Firefox/Chromium) with tabs.executeScript retained for legacy runJs path (extension-side only).
  • content_master.js loads at document_idle; content.js at document_start.

Upgrade notes

  • Update files: background_core.js, content.js, content_master.js, manifest.json.
  • No migration of user data. First run will seed search engines and keep policy as deny.
  • Recommended allowlist for demo: *.google.*, www.bing.com, duckduckgo.com, search.brave.com, www.qwant.com, www.startpage.com, www.ecosia.org, search.yahoo.com.

v7.9   Remote Tab Opener — 2025-10-18

Stability & compliance release. Deny-by-default, focus controls, and optional request blocking.

  • Deny-by-default policy with storage.policyDefault (defaults to deny); explicit allow via banner or settings.
  • Interactive allowlist: banner “Domain not allowed — Add to list?” + automatic resume of the pending action (open/navigate).
  • Focus control: keep default focus on the remote tab, but allow focus:false, suppressNextFocus, and focusMaster.
  • Firefox-only (MV2) optional request blocking: programmable via messages WRB_ENABLE, WRB_ADD, WRB_REMOVE, scoped to the controlled tab.
  • MV2/MV3 parity: unified runContent, pendingUrl support, robust re-injection on navigation.
  • No alert() in background/content; user-facing notices via non-intrusive banners.
  • Security hardening: reject http://, file://, javascript:, and local/LAN ranges.
  • Misc fixes & faster paths (fewer branches).

v7.8   Remote Tab Opener — 2025-10-17

Feature & reliability update. Security strengthened, bounded HTML extraction, and robust re-injection.

Security

  • Sensitive-field hard block: disallows reading <input type="password">, type="hidden", and inputs detected by name/id/autocomplete (password / credit-card / IBAN / SSN).
  • Sanitized serialization: outerHTML strips value from input/textarea and flags passwords with data-redacted="true".
  • Reduced page → extension surface: on the page side, postMessage only relays focus / focusByUrl / focusByPrefix / navigate.

Added

  • HTML fragment extraction (ethical mode): getHtml supports outerHTML, innerHTML, textContent, innerText, value (with safeguards), cross-domain.
  • All-frames coverage: programmatic injection with { allFrames: true } to reach iframes (subject to host permissions).
  • Visual focus API: focus, focusByUrl, focusByPrefix reliably activate the tab and window.

Changed

  • Robust result relay: getHtmlResult returned to the UI for both success and error (explicit statuses/messages).
  • Navigate flow: re-inject content.js after tabs.update (all frames), then restore focus.

Fixed

  • DOM ready race: the element observer waits for document.readyState === "complete" before resolving.
  • Selector errors: clearer timeouts (Element not found after timeout: <selector>).
  • URL allowlist: proper RegExp escaping for custom domains; improved reliability.

Performance

  • Lightweight cloning for sanitization; no external dependencies.
  • No global auto-injection: minimal footprint until an action is requested.

Compatibility

  • Manifest: unchanged (MV2). Permissions: tabs, activeTab, storage, <all_urls>.
  • APIs: runJs, setValue, click, submit, getTitle kept. setValue now blocks sensitive targets.

Upgrade notes

  • No migration steps.
  • Reads on sensitive fields now return { status:"error", error:"Access to sensitive field is blocked" }.

2025-10-04 — v7: Focus A→B added.

2025-05-20 — v6: Favorites UI, domain allow-list.

2025-02-12 — v5: Initial public release on AMO.