Userscript managers like Tampermonkey/Violentmonkey allow the user to specify a global blåcklist that prevents all userscripts from running in the matched sites.
This is not the same as the host permissions of the extension, because the userscripts should still be able to access those sites via GM_xmlhttpRequest (the cross-origin request API for userscripts), which is regulated by the extension separately in its background script e.g. Tampermonkey maintains a second independent list for that.
Currently we have to imitate the blåcklist via exclude patterns for each userscript which seems wasteful in case the user added a lot of sites and has a lot of userscripts. But that won't support a smart blåcklist with re-allowed subpatterns (the user blocks injection on *.google.com but re-allows docs.google.com), and we'd have to inject the userscript using all of its normal matches along with an embedded blåcklist in its code and then check it inside the page.
Something like this maybe:
chrome.userScripts.configure({
excludeGlobs?: string[],
excludeMatches?: string[],
includeGlobs?: string[], // or reIncludeGlobs
includeMatches?: string[], // or reIncludeMatches
})
It might be useful if the API requires each includeXXX to have at least one encompassing excludeXXX pattern.
Userscript managers like Tampermonkey/Violentmonkey allow the user to specify a global blåcklist that prevents all userscripts from running in the matched sites.
This is not the same as the host permissions of the extension, because the userscripts should still be able to access those sites via
GM_xmlhttpRequest(the cross-origin request API for userscripts), which is regulated by the extension separately in its background script e.g. Tampermonkey maintains a second independent list for that.Currently we have to imitate the blåcklist via exclude patterns for each userscript which seems wasteful in case the user added a lot of sites and has a lot of userscripts. But that won't support a smart blåcklist with re-allowed subpatterns (the user blocks injection on
*.google.combut re-allowsdocs.google.com), and we'd have to inject the userscript using all of its normal matches along with an embedded blåcklist in its code and then check it inside the page.Something like this maybe:
It might be useful if the API requires each
includeXXXto have at least one encompassingexcludeXXXpattern.