Hacker News new | ask | show | jobs
by 6510 699 days ago
The permissions need to be more specific some how.

I think the correct approach is to have the option to have a function isolated from the rest of the code. Then pay a trusted party to review the functionality of the function.

In this case said function may only 1) access the html on the website, 2) find the button and 3) return only that what makes the button.

Then the permission prompt, written by the trusted party, can be something accurate like: This extension wants to copy buttons from websites.

I'm calling it DEWISOTT computing: does exactly what it says on the tin

You can go wild update your extension 1000 times per day without touching the function.
1 comments
dotancohen 699 days ago 

  > written by the trusted party
This is the weak, and expensive, link.
link
6510 699 days ago
The programming notary should be expensive per line.

If a function gets certified and a decent description it can be published for other developers to further scrutinize and use the same.

With user.script or greasemonkey scripts it is kinda expected to read the script before use. Short scripts are easier to check.

Funny example

https://userscripts-mirror.org/scripts/show/179526

If the potentially dubious part can be isolated the notary, the publisher, the other developer and the user can easily review it. It seems much better than the current installing black boxes?

link