Continuing the discussion from [WebExtensions] Future of innovative add-ons:
How to make clear that a certain page belongs to a locally-installed add-on the user trusts? This should be implemented because add-ons often handle security-sensitive things and phishing is terrible. Previously we could tell the users the right URIs of the add-on UIs since they are static
chrome: addresses. But with WebExtensions all the addresses are randomized, so this is not good for user experience. (Recognizing
moz-extension: part is not enough: you cannot tell the add-on’s name from it)
Resources in WebExtensions should indicate their identities.
This of course should be distinguishable from HTTPS pages or Firefox pages.