Limit host permissions to urls that handlers are actually used on

[dantman]

The extension requests permission to inject scripts into pages for all websites the user visits. However there is only a finite list of handlers so there is no need to ask for permission to override the entire internet.

Ideas:

• Replace <all_urls> with individual matches for each host in the manifests
• Move accept code out of individual handlers, replace it with a json file that defines a list of url matches for each handler. Then the handler code can match urls with that pattern similarly to how Chrome matches urls. And a gulp script can populate the manifests with urls.
• Alternatively to filling url matches into the permissions, they could be put into optional permissions and we could avoid asking for permission until a user actually visits one of the video sites and responds to a notification saying we can track anime for them.
• I'm not sure if it works elsewhere, but Chrome also allows you to just put <all_urls> in optional permissions, then asking for permission is completely dynamic. You don't need to ask for permission for all websites up front, the permissions list doesn't change over time so nothing changes at updates even if handlers are added, and we only need to ask for permission for video sites that the user actually visits.

[TSedlar]

9163341 adds support for this