[dumptruk]

This is absolutely awesome. I make heavy use of ViolentMonkey and Stylus for my desktop experience, and after a decade of iPhone use, I feel I can replicate my desktop browsing habits on my phone.

I have a question about security, as I started porting my *Monkey scripts over, I notice there’s no API around access or security. If domain-specific extensions are shared in the community, what’s to prevent someone from developing a malicious script POSTing someone’s document.cookies to a DB?

[abhinavsharma]

The Javascript API is unrestricted at the moment so that is possible right now. That's why we make it a point to warn people to only install JS extensions from a trusted source right now, e.g. https://extensions.insightbrowser.com/extend/f15fa88b79