anthonynosek
commented
8 years ago We will have to investigate this. Have you downloaded the source to investigate by any chance? You can report back any findings and we can work on a viable solution.
Closed mohanraj-r closed 1 month ago
anthonynosek
commented
8 years ago We will have to investigate this. Have you downloaded the source to investigate by any chance? You can report back any findings and we can work on a viable solution.
mohanraj-r
commented
8 years ago Thanks for the response @anthonynosek No I haven't peeked at the source yet. I don't know Javascript and hence won't be able to do it any time soon. Will be great if you can come up with something.
I have been using the Bookmarklet | Spreeder as a workaround for now.
tomzx
commented
8 years ago This is probably caused by the fact that the manifest.json declares the use of content_scripts, which will be injected into the page upon matching specific rules (in Sprint Reader's case, all http:// and https:// prefixed addresses). The injected script is used to pass selection to the viewer. As it is injected in pretty much every page, and chrome cannot tell what the script does with the content, then it assumes that pretty much anything can be done with it.
It does appear to be possible to negotiate permissions (see https://developer.chrome.com/extensions/permissions), however the permission itself is requested by content_scripts and not as an explicit permission. It might be possible to do it another way (see http://stackoverflow.com/questions/26667112/optionally-inject-content-script).
anthonynosek
commented
7 years ago @tomzx Is this something you would like to tackle? Might be a good (small) project to help reduce the number of permissions required by Sprint Reader.
anthonynosek
commented
1 month ago Permissions reviewed and reduced with the release of version 3.0.0
I would love to try out this extension. But the "Read and change all the data on the websites you visit" part of the permissions bothers me. I get some comfort in that it is open-source. But couldn't help wondering why the permission to read all data on all websites is required. Wouldn't it be possible to just have the "Read data you copy and paste" permission?
Wish Chrome offered finer grained controls in terms of giving more details and ability to control or restrict them e.g. when it says 'Read and change all the data .. etc'.
Anyways does Chrome offer any way to make it easy for the extensions developers to negotiate the permissions with users at install time by selectively enabling / disabling features related to user selected permissions. E.g. If I as a user would like to disable the 'Read and change all the data ..' part by trading some functionality would it be possible for an extension developer to offer that?
Or is the only viable option be to fork and create another version of the extension with the specific permission and corresponding functionality removed - if it is at all possible to do so without sacrificing the main workflows. Or maybe make it as an Chrome App where text is pasted and read.