FirefoxDelayWebpage
FirefoxDelayWebpage copied to clipboard
OskarDamkjaer
Settings to set which pages the extension should work on
@miku86 This could be implemented, but would come at the cost of granting the extension a privileged context to all of the sites you visit. That has security and performance downsides.
A quick alternative would be to clone the repo locally and manually modify the manifest.json file to include your desired sites and then installing from your local repo. Installing an extension from a local repo comes with its own trade offs, but for a developer using good judgement it shouldn't be a big deal.
I've also considered the security and performance downsides of having the extension active on all webpages. An idea I had was to get a list of the 25 most common distracting webpages, keep the same defaults as I have now and then have checkboxes in the settings to enable more pages if needed. There could also be a link to suggest more webpages be added to the list.
I'm not sure which way to go, but I'm open to suggestions :)
Your list of the 25 most common distracting webpages probably does not contain the well known Spanish reddit clone, some Spanish sports newspapers, etc. Just to give a bit of perspective on how useless this will be if configuring the list of sites is not possible.
Maybe two versions of the addon and each one chooses his useful/secure compromise?
You're right! I think two extensions is the way to go since it will be useless for many otherwise
I've changed the extension work on all webpages and activate based on a list of arbitrary regexes, so it should be very flexible now :)
Leaving this issue open if there are any major issues and until i've released the version that has more narrow permissions
The working version is 1.7
Instead of using hardcoded regular expressions in the source code of this add-on for the list of web sites where this extension is active, it should be a user configurable setting.
They are user configurable! I think you're referring to the default values? :)
It might be that the extension has not updated for you yet, you can force an update by uninstalling, force reloading the extension page to get by the cache and reinstall it!
@miku86 This could be implemented, but would come at the cost of granting the extension a privileged context to all of the sites you visit. That has security and performance downsides.
Great point.
AFAIK this shouldn't be a problem if the source code is public.
AFAIK this shouldn't be a problem if the source code is public.
In practice people don't look at the source code, nor do they inspect every update that occurs. No offence to this extension author, but more than a few extensions over the years have decided to monetize/sell their extensions after becoming popular. Injecting spying mechanisms from a privileged context is a worst case scenario for browser privacy since none of the standard protections like same origin policy are enforced. Mozilla does review updates, but they're not perfect and things slip by.
It's a relatively small risk all things considered, but worth considering none the less.
There's also the possibility of extension makers getting hacked or giving a malicious co-maintainer access to deployment as well. It's a shame it's not possible to configure which pages the extension is allowed to run on as a user. Any ideas on how to mitigate the problem other than deploying a version with weaker permissions? Perhaps I could include instructions on how to change the manifest and load a custom version of the extension
I think using the standard Whitelist/blacklist mode would work.
Whitelist pages would create the delay when browsing to and following a link from the the page.
Blacklist pages would override the whitelist pages on following links from the page.
