search

os-scar / overlay

Overlay is a browser extension helping developers evaluate open source packages before picking them
MIT License
218 stars 16 forks source link

Chrome says Overlay is accessing to the browser history #147

Open baruchiro opened 1 year ago

baruchiro commented 1 year ago

image

A quick research gave me this information:

The tabs permission will add a warning of Read your browsing history, that's because I can listen to chrome.tabs.onUpdate and record the active browser history, from now on.

I see the best practice is to use activeTab, we should check if we can use it instead of tabs.

Links:

https://github.com/os-scar/overlay/blob/bda5fc772e3db91c7660c7bb2296440a347fe402/src/manifest.chrome.json#L40 Chrome extension tabs permissions shows "Read your browsing history" The tabs warning Use the activeTab permission

Originally posted by @baruchiro in https://github.com/os-scar/overlay/discussions/145#discussioncomment-6593266

What to do

You need to change the tab permission on the manifest files to activeTab.

Overlay is accessing all tabs when the user changing the settings from the Popup, but changing the permission will break it. Instead, we need to use tabs.onActivated to actively check if the setting changed when a tab becomes active.

Also, check other usages of browser.tabs are not broken.

aviv1620 commented 1 year ago

"when the user changing the settings from the Popup" What popup is this?

baruchiro commented 1 year ago

The extension popup developed in src/popup

aviv1620 commented 1 year ago

can you add screenshot?