Hacker News new | ask | show | jobs
by afarrell 4087 days ago
It sounds like you would need the ability to access all the data on the page but not be able to phone home. Enforcing that sounds like a nightmare.
1 comments
pyre 4087 days ago
Right now extensions can provide a regex of the URLs that they will be enabled on. Obviously a malicious developer will just say "all" though.
link
dogecoinbase 4087 days ago
Please tell me that it actually displays a regex to the end user during installation and asks them to read and approve it.
link
pyre 4086 days ago
This has been there from the very beginning (as it was a part of GreaseMonkey/UserScripts), but it's not part of the permission system. This is the developer saying "only enable the extension on these pages." So the system to enforce this is in place, but it's not treated exposed to the end-user.
link
joliv 4087 days ago
IIRC (using Firefox nowadays) it did tell the user what sites it was allowed on, although it did this through wildcards (e.g. "http://news.ycombinator.com/*") instead of regexes.
link