Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

userScripts API: injection blocklist+allowlist just for this API #607

Open
tophf opened this issue May 6, 2024 · 0 comments
Open

userScripts API: injection blocklist+allowlist just for this API #607

tophf opened this issue May 6, 2024 · 0 comments
Labels
needs-triage: chrome Chrome needs to assess this issue for the first time neutral: firefox Not opposed or supportive from Firefox neutral: safari Not opposed or supportive from Safari topic: user scripts

Comments

@tophf
Copy link

tophf commented May 6, 2024

Userscript managers like Tampermonkey/Violentmonkey allow the user to specify a global blåcklist that prevents all userscripts from running in the matched sites.

This is not the same as the host permissions of the extension, because the userscripts should still be able to access those sites via GM_xmlhttpRequest (the cross-origin request API for userscripts), which is regulated by the extension separately in its background script e.g. Tampermonkey maintains a second independent list for that.

Currently we have to imitate the blåcklist via exclude patterns for each userscript which seems wasteful in case the user added a lot of sites and has a lot of userscripts. But that won't support a smart blåcklist with re-allowed subpatterns (the user blocks injection on *.google.com but re-allows docs.google.com), and we'd have to inject the userscript using all of its normal matches along with an embedded blåcklist in its code and then check it inside the page.

Something like this maybe:

chrome.userScripts.configure({
  excludeGlobs?: string[],
  excludeMatches?: string[],
  includeGlobs?: string[], // or reIncludeGlobs
  includeMatches?: string[], // or reIncludeMatches
})

It might be useful if the API requires each includeXXX to have at least one encompassing excludeXXX pattern.
@github-actions github-actions bot added needs-triage: chrome Chrome needs to assess this issue for the first time needs-triage: firefox Firefox needs to assess this issue for the first time needs-triage: safari Safari needs to assess this issue for the first time labels May 6, 2024
@dotproto dotproto mentioned this issue May 9, 2024
Closed
@Rob--W Rob--W changed the title userScripts API: injection blåcklist+allowlist just for this API userScripts API: injection blocklist+allowlist just for this API May 9, 2024
@kiaraarose kiaraarose added neutral: safari Not opposed or supportive from Safari and removed needs-triage: safari Safari needs to assess this issue for the first time labels May 9, 2024
@Rob--W Rob--W mentioned this issue May 9, 2024
Merged
@Rob--W Rob--W added neutral: firefox Not opposed or supportive from Firefox and removed needs-triage: firefox Firefox needs to assess this issue for the first time labels May 9, 2024
@Rob--W Rob--W mentioned this issue May 9, 2024
Closed
@Rob--W Rob--W mentioned this issue Jul 18, 2024
Merged
@tophf tophf mentioned this issue Sep 25, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs-triage: chrome Chrome needs to assess this issue for the first time neutral: firefox Not opposed or supportive from Firefox neutral: safari Not opposed or supportive from Safari topic: user scripts
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tophf @Rob--W @kiaraarose