There should be a way to allow extensions to execute only on specific websites like the Site access option in Edge does, this improves extensions usability and may also enhance privacy.
I was just thinking how great it would be for certain extensions (like Honey for Shopping) would be great if they can have limited access based on Sites or if using the Containers extensions already.
It sounds like "Containers" would be the best option for security due to the cookie/tracking isolation layer. Hope this gets in the line-up for a Firefox 10X release!
Sometimes while developing frontend applications it's the case that we need to test without having extra scripts injected by installed extensions.
What do you think of adding the option to disable browser extensions on localhost and/or file:// domains?
Generally speaking, I think it's even better if we can specify any custom domain (with wildcards). Ideally this sits outside about:config.
This is a Chromium feature that I find really helpful and miss from Brave. I need extensions like Grammarly for work, but I wish I could contain them to certain areas.
Completely agree - this is definitely one of those "must have" features on Chrome that I miss - I often limit extensions to the website they're used for (FakeSpot for Amazon only, SponsorSkip for YouTube, etc).
Hi folks! We're working towards shipping this feature, which depends on a much larger project. The ability to have optional permissions for a site is a new extension capability known as host permissions, that's a part of a major platform upgrade known as Manifest v3. We are working on shipping Firefox support for MV3 by the end of 2022.For more on our plans for MV3, please see the latest update from the WebExtensions team.
That’s awesome news!
That’s awesome news! It’s a great security, and perceived security, update to Firefox.
This idea has been reviewed by our product team, and we're happy to share that the feature is 'In development.' Please check out @mconnor's comment for more info and stay tuned for additional updates 😃-The Community Team
As a manifest key, it appears this will not necessarily allow the user to restrict the sites upon which an extension can load.
With the web's history of various malicious extensions having made it into popularity prior to being noticed, the security benefits of a user having the choice to reduce trust in an extension would be significant.
@JonRegarding the in-development feature: Will the described mechanism supporting MV3's implementation ease introduction of a user-exposed allow-list or block-list for "Don't allow this extension on my banking website, but use it everywhere else", for example?