Is your feature request related to a problem? Please describe.
Stylebot's data access permission choices are overly broad.
Describe the solution you'd like
Allow the user to grant stylebot access to specific domains. Use extension APIs that let the user select domains the extension is allowed to work with.
Additional context
Access to all domains to work is overly broad given the general intent of the tool. I may be wrong about use behavior, but it seems like most people are modifying style on specific sites.
It would be preferable to avoid granting the extension to access everything.
In the unlikely event the extension publishing login is hacked, allowing users to set access to specific domains greatly reduces the potential fallout from an attack on the plugin. (given auto-update is a default behavior, a compromised future version could gather a lot of information)
I believe I've seen this limitation available on other plugins on chrome.
Edit: Refined Github does this, but I'm not sure if you can allow users to dynamically add domains in a way that a compromised plugin could not change on its own:
Is your feature request related to a problem? Please describe.
Stylebot's data access permission choices are overly broad.
Describe the solution you'd like
Allow the user to grant stylebot access to specific domains. Use extension APIs that let the user select domains the extension is allowed to work with.
Additional context
Access to all domains to work is overly broad given the general intent of the tool. I may be wrong about use behavior, but it seems like most people are modifying style on specific sites.
It would be preferable to avoid granting the extension to access everything.
In the unlikely event the extension publishing login is hacked, allowing users to set access to specific domains greatly reduces the potential fallout from an attack on the plugin. (given auto-update is a default behavior, a compromised future version could gather a lot of information)
I believe I've seen this limitation available on other plugins on chrome.
Edit: Refined Github does this, but I'm not sure if you can allow users to dynamically add domains in a way that a compromised plugin could not change on its own: