Isolated content environment proposal (2016)
It would be super-cool to have an isolated environment on each tab. It may be a bit hard technically, but it should make Firefox the best browser for security/privacy ever.
- This provides a secure and intuitive practice for a common case among the add-ons.
- This could eliminate many add-on fingerprintability issues beautifully.
Isolated resource references (Content scripts can reference and inject add-on resources but webpages can’t)
- Actually, the number of the cases where webpages themselves need to access add-on resources is small. Just content scripts use them in most cases. We can always make exceptions for minority cases via whitelisting.
- DOM isolation: webpages can’t see add-on-injected DOM. (Unless explicitly whitelisted, obviously)
- Isolated privileges (this is mostly managed by sandboxing)
(I don’t intend to disclose a secret report. I can’t access 1120398, sorry… As the developer of this add-on, I’d appreciate updates on the bug, though.)
- An add-on that wants to use web-exposed content scripts should request the permission explicitly.
- AMO and Add-on manager show which add-ons have web-exposed content scripts or add-on resources.
I think this is the way to go. Any idea is welcome. I’d like more people to think about this. Thanks.