Why do we need an extra permission simply for starting a search?

Add-ons Development
#1

To start a search from an add-on there is a nice API. However, it requires another “search” permission…

I don’t like that…
I mean, okay, for getting all search engines I think it is acceptable, as this can obviously contain private information.
But, IMHO; if you just want to trigger a search with the default provider (i.e. you leave out the engine parameter), it should not prevent me from doing that.

I mean, after all, if I knew the search engine the user used, I could just open a new tab without any extra permissions with the correct URL string… So this discourages me from using the API and implementing such an ugly workaround.

BTW use case: I basically want to use/start a search as a fallback, if the user does not want to use the keyword search (omnibar API), i.e. disables it.

1 Like
Omnibox: Can we disable it?/Offer opt-in/opt-out
#2

I believe the reason it is a permission is

  • there is no reason for it not to be behind one
  • it could be used in malicious ways (I don’t remember the exact scenario)
  • You only know the name but not the actual search URL exactly because that is behind a permission.

And finally, permissions only really matter if they confuse the user, in which case you have to describe them. Generally there is nothing bad about having to add a permission to use a feature. Permissions are mainly declarations that you intend to use an API within your extension.

#3

Thanks for the reply.

So yes, I actually did not think about the fact that you can obviously get out the user’s default search engine if you trigger a search and then read the URL. (which requires the activeTab permission, but as that is only granted on click on a browserAction or so, maybe actually rather the tabs permission, anyway.)

Also, maybe it helps a little to see, why I want to do so. Basically it’s just a little workaround/fallback, which IMHO justifies no extra permission in my use case: