feat: Use sandboxed pages for Snaps execution in MV3

[FrederikBolding]

Description

Moves the execution of Snaps to a sandboxed page referencing a local HTML file inside the offscreen document when using the MV3 build. This effectively gives us access to eval without hitting the network and should reduce the overhead when booting a Snap (+ allow for Snaps to execute when the user is offline).

To support this, this PR introduces some new changes to the manifest as well as the build process. For the build process we simply copy the same iframe bundle currently used in the hosted version to /dist/chrome/snaps. For the manifest, we add a reference to the sandboxed page and tweak the CSP of the sandbox to be as restrictive as possible (the default is not very strict). Then we can simply point the existing offscreen executor to use the local iframe instead of the remote one.

Closes #25250

[metamaskbot]

Builds ready [2b67003]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
  • content-script: 0
  • offscreen: 0
  • ui: 0, 1, 10, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (55 ± 17 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	65	294	90	48	23
		domContentLoaded	9	89	14	17	8
		load	40	203	55	36	17
		domInteractive	9	89	14	17	8

Bundle size diffs

• background: 0 Bytes (0.00%)
• ui: 0 Bytes (0.00%)
• common: 0 Bytes (0.00%)

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 65.64%. Comparing base (9a5aeae) to head (89efe5d).
Report is 7 commits behind head on develop.

Additional details and impacted files

@@           Coverage Diff            @@
##           develop   #25171   +/-   ##
========================================
  Coverage    65.64%   65.64%           
========================================
  Files         1367     1367           
  Lines        54257    54257           
  Branches     14189    14189           
========================================
  Hits         35616    35616           
  Misses       18641    18641           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[FrederikBolding]

This is intended to be stricter than the default policy: https://developer.chrome.com/docs/extensions/reference/manifest/content-security-policy#default_policy

[naugtur]

we could experiment with adding default-src 'none' to these, but I think that could potentially block fetch. Maybe other things. But it'd also block some exfiltration techniques like image URLs

[FrederikBolding]

If we add default-src 'none', we would need something for connect-src * to allow for fetch at least

[FrederikBolding]

Done!

[metamaskbot]

Builds ready [b0ad7b6]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
  • content-script: 0
  • offscreen: 0
  • ui: 0, 1, 10, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (52 ± 5 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	61	100	84	12	6
		domContentLoaded	9	30	12	4	2
		load	40	76	52	10	5
		domInteractive	9	30	12	4	2

Bundle size diffs

• background: 0 Bytes (0.00%)
• ui: 0 Bytes (0.00%)
• common: 0 Bytes (0.00%)

[naugtur]

Looks great.
It's worth red teaming the solution to see if the sandbox itself is working as expected or whether it has access to resources we didn't want it to access, but that's chrome bugs if any.
Assuming chrome does its work, this is awesome.

[metamaskbot]

Builds ready [89efe5d]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
  • content-script: 0
  • offscreen: 0
  • ui: 0, 1, 10, 11, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (53 ± 5 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	71	123	87	11	5
		domContentLoaded	9	25	12	3	2
		load	43	87	53	11	5
		domInteractive	9	25	12	3	2

Bundle size diffs

• background: 0 Bytes (0.00%)
• ui: 0 Bytes (0.00%)
• common: 0 Bytes (0.00%)

[danjm]

This looks good to me, as long as the current state of the content_security_policy changes are approved by @naugtur

[naugtur]

thanks for the default-src!

[FrederikBolding]

🫡