undefined | Better HN

0 pointsthinkcontext8y ago0 comments

Most extensions of any usefulness require these 2 permissions. How else would something like adblocking or a login manager work?

0 comments

detaro8y ago

An adblocker is a good counter-example: it could work with an API that tracked the page changes and stopped e.g. JS or images inserted by the extension from loading. Even when editing the DOM, it has no need to load anything externally. Sounds possible, but I'm not sure how big the overhead of extending the DOM like that would be.

You probably could still create interactions with on-site JS that leak data sometimes, so it wouldn't be perfect, but that's page-specific and a lot more work.

thinkcontextOP8y ago

That would break a sizable amount of the web, eg, Youtube embeds.

detaro8y ago

How would an optional feature, for extensions only break the web? I'm not talking about changing the security policies in general.

j / k navigate · click thread line to collapse

0 comments

detaro8y ago

You probably could still create interactions with on-site JS that leak data sometimes, so it wouldn't be perfect, but that's page-specific and a lot more work.

thinkcontextOP8y ago

That would break a sizable amount of the web, eg, Youtube embeds.

detaro8y ago

How would an optional feature, for extensions only break the web? I'm not talking about changing the security policies in general.

j / k navigate · click thread line to collapse