Hello Pocket friends, I am curious why the Pocket chrome extension chooses to inject its UI into the page instead of using browserAction (consolidated into action in MV3). The current design presents a great risk to the user as a malicious webpage (or, another extension) can modify the behavior of the Pocket interface. I made a very quick demo that changes the behavior of the "Gear" icon for example. A higher effort version could even expand the interface to include a fake message informing the user that they need to change their password, and they're actually redirected to a phishing site, etc.
The current design is also just generally more buggy and prone to failure, some websites like Bing aggressively purge injected elements so the pocket popup appears to fail.
Hello Pocket friends, I am curious why the Pocket chrome extension chooses to inject its UI into the page instead of using browserAction (consolidated into action in MV3). The current design presents a great risk to the user as a malicious webpage (or, another extension) can modify the behavior of the Pocket interface. I made a very quick demo that changes the behavior of the "Gear" icon for example. A higher effort version could even expand the interface to include a fake message informing the user that they need to change their password, and they're actually redirected to a phishing site, etc.
The current design is also just generally more buggy and prone to failure, some websites like Bing aggressively purge injected elements so the pocket popup appears to fail.