Feature #73
Feature #72: Facilitate creation of "meta-sites"
Feature #71: Make it possible for injected scripts to bypass CORS
Implement a permissions system
0%
Description
This seems to be a common component of several security- and feature-related powers now. It probably deserves a standardized interface in order to reduce the burden of adding or removing various permissions in the future.
Please share your thoughts.
History
Updated by jahoti about 2 months ago
Could potentially draw from or just use https://jshelter.org/ alongside Haketilo (still experimental).
Updated by koszko about 2 months ago
If JSHelter turns out to be able to also work properly on sites modified by Hachette, running it in parallel would be the least problematic approach.
As to otherwise drawing from it... It might be an option, although it'll still require a serious bit of work. I personally don't consider this1 a priority as long as the scripts we're providing are somewhat trusted
-
By "this" I mean security mechanisms like those in JSHelter. Permissions for CORS bypassing are still needed ↩
Updated by jahoti about 2 months ago
As to otherwise drawing from it... It might be an option, although it'll still require a serious bit of work. I personally don't consider this1 a priority as long as the scripts we're providing are somewhat trusted
It definitely isn't at this stage, or possibly even into the future; I just wanted to make sure I didn't forget the idea.
Ideally there won't be any interference between the two and, as you note, we can have many of the benefits for no work!