search

open-eid / chrome-token-signing

DEPRECATED Chrome and Firefox extension for signing with your eID on the web
https://github.com/open-eid/chrome-token-signing/wiki
GNU Lesser General Public License v2.1
206 stars 75 forks source link

Unwanted interaction with page #28

Closed martinpaljak closed 7 years ago

martinpaljak commented 7 years ago

http://line-mode.cern.ch/www/hypertext/WWW/TheProject.html

Displays the page.js content.

martinpaljak commented 7 years ago

This is in essence similar to #4 - code is injected to all page DOM-s, regardless of the content (and unlike with pdf viewer, happens even if scripts are off). Why this specific page displays it is a different story and not that important.

As a general rule - injecting code is bad and should be shifted to the separate javascript. Even though it is beneficial to have a centralized automatic update mechanism via extension updates (which can not be controlled for website).

Maybe a solution would be to bundle the code with the extension, but include it only via hwcrypto.js. Or a magic div in the page to trigger loading of the extension-provided code (not that good either).

martinpaljak commented 7 years ago

This issue was moved to hwcrypto/hwcrypto-extension#4