can you please mention why new permissions are needed?

[tessus]

I got a popup today that new permissions are needed for the add-on. Then I checked the gh page and the Add-on page for Firefox, but there's no info on it anywhere. In fact there is no explanation for any of the permissions.

Any chance you could provide that info in the README.md in a section called permissions.

e.g. name of permission, date added, why it is needed

[tessus]

Also, I'd really like the option to turn off the functionality where reading my clipboard is needed. I do not want any application to read my clipboard. Forcing this onto someone raises a red flag.

P.S.: I installed this addon to get a nice json output from web sites (especially since a lot of APIs return the json as one long string). That's it. I don't need the app to format my clipboard. I can use jq for that.

[lauriro]

Although not very clear, release notes in Add-on page mention new features. "Format clipboard" feature need this, used by document.execCommand("paste") in edit.js.

Your concern feels reasonable, I will investigate how to use optional permissions. And documentation can be always better :)

P.S. You are welcomed to audit this extension, 750 line in total is not completely insane.

[tessus]

Unfortunately I can't. I don't know much about js. If it were C, I'd be doing it right away. But my js knowledge is too less to audit js code.

[tessus]

Your concern feels reasonable, I will investigate how to use optional permissions.

Well, I'm ok with allowing the permission, if there's a checkbox in preferences that allows me to turn off monitoring of the clipboard. I doubt there's a way to request a permission at runtime. :-(

[lauriro]

It does not "monitor" the clipboard, "paste" is called only when edit view is opened with "Format clipboard".

Removing auto-paste sounds even more reasonable, open editor and paste by yourself when needed - no permissions required.

[tessus]

On the other hand I do understand that for people who do want to format data from the clipboard would appreciate this auto-paste.

As long as there is some explanation why this is needed I'm ok with it. So, if there's no monitoring and the line above is the only reason for this permission, I'm ok with it.

[PHPGangsta]

I did not install the update because of the new permission needed in Firefox. Please remove it, it feels better without it. If someone hijacks the extension in the future, the damage would not be so huge :-)

A text-area where someone can paste code would be enough.