Closed Bug 1629624 Opened 4 years ago Closed 4 years ago

Site Permissions: 'Disable browser extensions for this site'

Categories

(WebExtensions :: Untriaged, enhancement)

Product:
WebExtensions
Component:
Untriaged
Version:
75 Branch
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: mail, Unassigned)

References

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:75.0) Gecko/20100101 Firefox/75.0

Actual results:

Currently Add-Ons (extensions) present a risk to users as content-scripts can run in all frames of a browser hooking any DOM element or event without the ability for a website to protect this.

Being able to secure a user from being skimmed in certain iframes used in online banking/credit-card-processing is very important.

Expected results:

I'd like to request an additional permission enum be added to
https://w3c.github.io/permissions/#enumdef-permissionname

"block-content-scripts" such that a site can ask the user permission to restrict content-scripts from running in a given portion of the site.

e.g.

navigator.permissions.query({name:'block-content-scripts', frame-src: 'example.com'}).then(function(result) {
    if (result.state == 'granted') {
...

Once this permission is granted the site can refresh and content-scripts will be blocked from the DOM

OS: Unspecified → All
Hardware: Unspecified → All
Summary: Site Permissions: Disable browser extensions for this site → Site Permissions: 'Disable browser extensions for this site'

+1

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Product: Firefox → WebExtensions
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE

This reporter is asking for websites to be allowed to restrict webextensions from running. AFAIK bug 1497075 is about users being able to disable webextensions on specific pages.

Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---

Ah, you're right thanks for catching that. I'm having a hard time seeing a compelling case for this but the addons team can decide.

Yes, [:evilpie] is right this is for a site being able to request content script injection blocking, similar to how it can make a request for geolocation or camera.

Are you able to remove the duplicate tag so this is still triaged?

Thanks!

We won't allow websites to disable content scripts. We see more value in offering the ability to toggle extensions for specific (groups) of websites (beyond content scripts), through bug 1365019 for example.

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago4 years ago
Resolution: --- → WONTFIX
See Also: → 1365019
You need to log in before you can comment on or make changes to this bug.