Firefox extension ask for access your data for all websites #3
Comments
|
Thanks for bringing this up. That does seem a bit too invasive. It seems that Firefox shows that warning because my extension can inject a content script into any tab, whenever it wants. There is a less intrusive permission called
Perhaps I should add an explanation to the Firefox extension for the "Access your data for all websites" permission? I'm open to suggestions. |
Why do you need to inject a script? Cannot you detect clipboard changes using |
|
I need the content script to listen for the "copy" event and to get the current text selection. |
|
Seems like Firefox clipboard API is not ready yet
|
|
I wonder how you do things in Chrome extension? Do you inject a script in there also? |
Yes, the extension works identical in all versions (Chrome, Firefox and Edge). I use the webextension-polyfill so its a single code base for all versions. |
|
Okay you may add a note about Firefox permission to the README |
Bumps [ts-loader](https://github.com/TypeStrong/ts-loader) from 8.3.0 to 9.2.6. - [Release notes](https://github.com/TypeStrong/ts-loader/releases) - [Changelog](https://github.com/TypeStrong/ts-loader/blob/main/CHANGELOG.md) - [Commits](TypeStrong/ts-loader@v8.3.0...v9.2.6) --- updated-dependencies: - dependency-name: ts-loader dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Would it be possible for the "copy to clipboard" user action to be the action that triggers the script to be injected? Or would it be too late? Thanks. |
Unfortunately the browser extension API's do not provide such a feature. It would also be too late indeed (although only for the first time you copy) as the event listener will be added after the copy has been done. The only way to inject the content script on all pages automatically, is to set the the allowed origins to If I disable the automatic injection, it will get rid of the warning in Firefox, but the user will have to do a certain action like clicking on the browser extension icon, before I can inject the content script. They will have to do this on every visit. |
roedesh
added
discussion
|
Thanks. That makes good sense. I can't think of a really great solution, but I did come up with a possibility: Firefox allows developers to set on-demand permissions for extensions. By default, the extension could not ask for the "Access your data for all websites" permission; instead it can provide a toolbar button or context menuitem to activate the extension on the current page. Separately, there can be an option to enable the extension for all pages. When the user enables that option, Firefox will prompt for the "Access you data for all websites" permission. I don't love the above because it's a bit clunky (IMO), but it might be the only possibility (besides keeping things how they are). |
|
Has anything changed with the browser APIs that would allow an improvement per the OP's request? |
I checked Firefox version of the extension it use Access your data for all websites permission which seems invasive.
But Chrome extension does not use a such permission
The text was updated successfully, but these errors were encountered: