Hacker News new | ask | show | jobs
by iudqnolq 2311 days ago
Absolutely. If the extension injects JavaScript into the page to examine the email it can run a fetch in the context of that page.

I think the app store should warn that a page can send data to any website if it has permission to modify any page.
1 comments
fiddlerwoaroof 2311 days ago
It’s been a while, but I’m pretty sure the permissions dialog explicitly calls this out.
link