Re: [-Fx-][-GC-] WebExtension Manifest v3 現況已刪文

看板Browsers (瀏覽器)作者danny0838 (道可道非常道)時間2年前 (2022/01/27 07:13)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串3/14 (看更多)

※ 引述《danny0838 (道可道非常道)》之銘言： : ※ 引述《ettoolong (ettoolong)》之銘言： : : 執行動態產生的程式碼, Chrome 在 v3 中對此作了更多限制來提高安全性, : : Firefox 將跟進此設計. : Monkey 已死 Violent monkey 的 issue: https://github.com/violentmonkey/violentmonkey/issues/505 Tampermonkey 的 issue: https://github.com/Tampermonkey/tampermonkey/issues/644 結論：Monkey 類目前沒辦法升級至 MV3。裡面有提到 Google 有計畫讓 power user （系統管理員？）可以設定 user script 或 CSS，但目前八字沒有一撇，也沒看到相關的 API 和文件。另外裡面還有提到 Google 對 MV3 套件有明確額外規範： Additional requirements for Manifest V3 Extensions using Manifest V3 must meet additional requirements related to the extension's code. Specifically, the full functionality of an extension must be easily discernible from its submitted code. This means that the logic of how each extension operates should be self contained. The extension may reference and load data and other information sources that are external to the extension, but these external resources must not contain any logic. Some common violations include: * Including a <script> tag that points to a resource that is not within the extension's package * Using JavaScript's eval() method or other mechanisms to execute a string fetched from a remote source * Building an interpreter to run complex commands fetched from a remote source, even if those commands are fetched as data 所以有些人想到的用 evaljs 或 WASM 等方式繞過的方式都算違規。其他討論： https://groups.google.com/a/chromium.org/g/chromium-extensions/c/hQeJzPbG-js -- 《終結內容農場》瀏覽器套件 Chrome: http://bit.ly/CFTGC (桌機 & Kiwi Browser on Android) Firefox: http://bit.ly/CFTFx (桌機 & Firefox for Android) 真相：http://bit.ly/CFTss1、http://bit.ly/CFTss2 詳細介紹：http://bit.ly/CFTinfo -- ※ 發信站: 批踢踢實業坊(ptt.cc), 來自: 59.115.60.81 (臺灣) ※ 文章網址: https://www.ptt.cc/bbs/Browsers/M.1643238823.A.88D.html ※ 編輯: danny0838 (59.115.60.81 臺灣), 01/27/2022 07:23:00