It is not just power users that use userscripts, any more than only power users use Adblock. Removing userscripts nets at most a minor security increase for a large usability decrease. And modifying Tampermonkey's storage from outside of Chrome would invalidate the signing. If a site tries to install a userscript, the user must confirm the script in a rather scary looking dialog. They cannot be added without the user's permission due to current security practices in both Tampermonkey and Chrome. Userscripts are not a widely known malware vector, either. However, these require confirmation from the user at install time, and even further if broad premissions are sought. The only one I can think of being a problem is being able to make a cross-origin HTTP request. Some do use certain extended APIs, but most of these are low risk. The vast majority run entirely in a website's content scope. These scripts are intentionally limited in their abilities. They allow small fixes that extensions are overkill for. Userscripts have been a mainstay of web browsing since at least Firefox 2, before Chrome was even conceived. It you remove the ability to use userscripts, not only would I have to switch browsers, but I would actively encourage others to do so, so they could continue using my scripts.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |