Hacker News
by sorenjan 2482 days ago
> Cross-origin communication: In Manifest v3, content scripts will have the same permissions as the page they are injected in. We are planning to implement this change.

What will this mean for GM.xmlHttpRequest in userscripts? Adding content from several different sites with userscripts can be very powerful.

2 comments

Was wondering about that too - but this seems to be just a Spectre defense, not a change in what extensions can do.

The change[1] only affects content scripts because they run in the same process as the website. You're still able to fetch arbitrary origins in a background page. So GM has to move the fetch to the background page, then send the content to the script via message passing.

[1] https://www.chromium.org/Home/chromium-security/extension-co... .
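The background-page relay described in the comment above, as an added example that is not part of the original thread or any userscript manager's code. The message type `gm-fetch`, the `scriptId` field, the `GRANTS` table and the sample origin are all hypothetical; the two sides are shown in one file only for readability. Because content scripts share a process with the page, the background page treats each message as untrusted and checks it before fetching.

```javascript
// Added example; names (gm-fetch, scriptId, GRANTS) are hypothetical.
// In a real extension chrome.runtime.id is the extension's own id.
const EXTENSION_ID =
  typeof chrome !== "undefined" ? chrome.runtime.id : "constructed-extension-id";

// Constructed sample: origins each userscript has been granted.
const GRANTS = new Map([["script-42", new Set(["https://api.example.org"])]]);

// Background page: decide whether a message from a content script may trigger
// a cross-origin fetch. Returns the normalized URL, or null to refuse.
function authorizeFetch(msg, sender) {
  if (!msg || msg.type !== "gm-fetch" || typeof msg.url !== "string") return null;
  if (!sender || sender.id !== EXTENSION_ID) return null; // only our own scripts
  let url;
  try { url = new URL(msg.url); } catch { return null; }
  if (url.protocol !== "https:") return null;     // no http:, file:, data: ...
  if (url.username || url.password) return null;  // no embedded credentials
  const allowed = GRANTS.get(msg.scriptId);
  return allowed && allowed.has(url.origin) ? url.href : null;
}

// Content script: ask the background page instead of fetching directly.
function gmFetch(scriptId, url) {
  return new Promise((resolve) =>
    chrome.runtime.sendMessage({ type: "gm-fetch", scriptId, url }, resolve));
}

// Background page: register the relay (skipped when run outside a browser).
if (typeof chrome !== "undefined" && chrome.runtime && chrome.runtime.onMessage) {
  chrome.runtime.onMessage.addListener((msg, sender, sendResponse) => {
    const url = authorizeFetch(msg, sender);
    if (!url) { sendResponse({ ok: false, error: "not permitted" }); return false; }
    // Omit cookies and refuse redirects so an allowed origin cannot bounce
    // the privileged request to a different one.
    fetch(url, { credentials: "omit", redirect: "error" })
      .then(async (r) => sendResponse({ ok: r.ok, status: r.status, body: await r.text() }))
      .catch((e) => sendResponse({ ok: false, error: String(e) }));
    return true; // keep the message channel open for the async response
  });
}
```

Since `scriptId` arrives from the content script, a compromised renderer can claim any installed script's grants; the check limits reachable origins to those granted to some installed script rather than to arbitrary ones.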

Stylus (Stylish without the tracking) sure is a nice interface, but you don't really need an add-on for that functionality. Create "chrome/userContent.css" within your Firefox profile directory and populate it with something like:

    @-moz-document domain(example.com) {
        img { opacity: 0.05 !important; }
    }

Note that there's some about:config flag that needs to be switched since the version that got released today.