by jannes 2313 days ago
What do you mean by "sandboxes fetch requests"? That's not a valid countermeasure at all...

The grandparent was worried about the extension stealing his email's contents.

Absolutely. If the extension injects JavaScript into the page to examine the email, it can run a fetch in the context of that page.

I think the app store should warn that a page can send data to any website if it has permission to modify any page.

It’s been a while, but I’m pretty sure the permissions dialog explicitly calls this out.
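
Added example, not part of the thread: one way to check an extension before installing it is to audit its `manifest.json` for grants that let it run on, or reach, every site, which is the permission the comments above are discussing. The function names and both sample manifests are constructed for illustration.

```javascript
// Match patterns that grant access to every site, in extension manifest syntax.
const BROAD_HOST = /^(<all_urls>|(\*|https?):\/\/\*\/.*)$/;

function isBroad(pattern) {
  return typeof pattern === "string" && BROAD_HOST.test(pattern);
}

// Returns one finding per all-sites grant in a parsed manifest.json object.
function auditManifest(manifest) {
  const findings = [];

  // Manifest V3 lists hosts in host_permissions; Manifest V2 mixes them
  // into permissions next to API names such as "tabs" or "storage".
  for (const key of ["host_permissions", "optional_host_permissions", "permissions"]) {
    for (const pattern of manifest[key] || []) {
      if (isBroad(pattern)) findings.push({ kind: "host_access", source: key, pattern });
    }
  }

  // A content script with a broad match runs inside every page the user opens.
  (manifest.content_scripts || []).forEach((cs, i) => {
    for (const pattern of cs.matches || []) {
      if (isBroad(pattern)) {
        findings.push({ kind: "content_script", source: `content_scripts[${i}]`, pattern });
      }
    }
  });
  return findings;
}

// Constructed sample manifests (not taken from any real extension).
const narrowManifest = {
  manifest_version: 3,
  permissions: ["storage"],
  host_permissions: ["https://mail.example.com/*"],
  content_scripts: [{ matches: ["https://*.example.org/*"], js: ["ok.js"] }],
};
const broadManifest = {
  manifest_version: 2,
  permissions: ["tabs", "*://*/*"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["inject.js"] }],
};

console.log(auditManifest(narrowManifest)); // no findings
console.log(auditManifest(broadManifest));  // two findings
```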