undefined | Better HN

0 pointstyingq7y ago0 comments

That's an interesting thought, but extensions can still hide, inject, or replace content. They just can't avoid downloading the original by any criteria other than uri patterns.

0 comments

magicalhippo7y ago

Sure, but the idea, as I understood it, was that by locking down the APIs such that they can't change behavior post-install, any such patters would be visible on inspection.

For example, extensions are already rejected if they contain minified scripts as that also obfuscates what happens. This could be seen as going one step further.

Again, not endorsing this move.

tyingqOP7y ago

Ah, yes. The separate set of manifest v3 proposals that disallow external and/or obfuscated code. Probably a good idea at a high level, but it does break good stuff like TamperMonkey (10 million users...ouch).

j / k navigate · click thread line to collapse