RFE: finer grained permissions for "read and change all your dat"
Reported by
khym.cha...@gmail.com,
Jun 2 2018
|
|||
Issue descriptionUserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36 Steps to reproduce the problem: If an extensions wants to read or change anything in a web page, it needs to permission "read and change all your data". What is the expected behavior? What went wrong? The permissions for reading and writing data should be finer grained than that: * There should be read-only versions of any page data permissions, for extensions that don't need to modify anything on any pages. * There should be a permission that excludes forms from being visible to the extension, for extensions that don't need to read/change forms. Similarly, there should be an extension that includes forms *except* for usernames, password, credit card info, and so on. These permissions should also prevent new fields or new forms from being inserted into the page. * There should be a permission which *only* allows the data of existing forms to be read/changed, for extensions like form recovery and grammar correction. * There should be an permission for only reading/changing CSS/style, for extensions like Stylish. WebStore page: Did this work before? No Chrome version: 67.0.3396.62 Channel: stable OS Version: Fedora 27 Flash Version:
,
Jun 5 2018
As per comment#0 this seems to be a feature request. Hence marking it as Untriaged. Thanks!
,
Jun 8 2018
We agree that there is definitely some opportunity for providing finer grained permissions (or more focused APIs) on the extensions platform for page access. We're investigating a number of different options in this area, some of which may address a few of these needs. The tricky part is that there isn't really a good ability to restrict JS on a page, so this has to be thought about carefully. Marking this as available for now. |
|||
►
Sign in to add a comment |
|||
Comment 1 by gov...@chromium.org
, Jun 3 2018