alyssaxuu / omni

The all-in-one tool to supercharge your productivity ⌨️

Home Page:https://chrome.google.com/webstore/detail/omni/mapjgeachilmcbbokkgcbgpbakaaeehi?hl=en&authuser=0

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Don't require permission to access `<all_urls>`

Explosion-Scratch opened this issue · comments

It's totally possible to make this extension respond to a command or user action rather than request permission to all_urls. This is an unnessecary permission, only activeTab is needed.

<all_urls> is not in the permissions list though, it's just a match pattern for the content scripts, so that they are injected in any URL. Theoretically I could manually inject the scripts and styles one by one when the user changes the active tab, but this would slow the users down, besides AFAIK it's best practices to use content scripts for any script that should be persistent in any website.

<all_urls> is not in the permissions list though, it's just a match pattern for the content scripts, so that they are injected in any URL. Theoretically I could manually inject the scripts and styles one by one when the user changes the active tab, but this would slow the users down, besides AFAIK it's best practices to use content scripts for any script that should be persistent in any website.

You could remove the content scripts entirely then use scripting.executeScript to run the content script. Because you would inject on keyboard shortcut or extension icon click, you'd only need activeTab. This would only require minor changes to the content scripts themselves, so that when injected they automatically open the popup instead of listening for a keyboard shortcut.

Also it's not a question, it's a suggestion

Yeah but if I did that it wouldn't be as responsive (having to load the whole thing every time), plus I feel like content scripts are just expected of Chrome Extensions anyway. I do use the executeScript method on install (since content scripts don't automatically get added on existing tabs), and I did try doing it "on demand" (by checking if the tab had the extension injected or not), it just took longer.

Yeah but if I did that it wouldn't be as responsive (having to load the whole thing every time), plus I feel like content scripts are just expected of Chrome Extensions anyway. I do use the executeScript method on install (since content scripts don't automatically get added on existing tabs), and I did try doing it "on demand" (by checking if the tab had the extension injected or not), it just took longer.

First, what did you inject? It's quite possible to only inject the HTML, then asyncronously load in the scripts, styles, etc, Also it could be faster if you used some web accessible resources

It's already slow, that's a whole separate issue, it wouldn't need to load much, loading in a content script takes a matter of milliseconds, if you're saying that querying tabs and bookmarks would take a long time you can simply poll in background then when the user presses a keyboard shortcut return the cached, then get a fresh copy and update UI. To my knowledge you are querying everything when the shortcut is pressed, so this wouldn't make much of a difference in time.

That way the data flow would look like this:

  1. Background page polling and getting bookmarks, history, actions, etc, every ~2 seconds
  2. User presses keyboard shortcut
  3. Content script injected
  4. Content script asks for data from bg script, then waits for response (this would be cached data, accurate as of <2 seconds)
  5. Search 🎉

Also, I'm not sure if you're already doing this or not, but a massive performance improvement would be to do the searching in the background, that way you can also show a loading animation in the page and not slow down the main page

plus I feel like content scripts are just expected of Chrome Extensions anyway.

Seeing a "this extension can access the contents of all pages you visit, your browsing history, and your bookmarks" makes me hesitate to install, and I'm sure many other users, which may be part of why this repo has +400 stars, but your extension only has 66 users:

image

I can look into it again, if it can remove a permission and still perform as well that's definitely worth it for sure. I'll be working on optimizations anyway to make it work faster so it could definitely work.

In terms of stats btw, they aren't updating, it always takes a few days to show the actual user count. From the dashboard I can see there's over 1000 installs, so I don't know if this permission is really causing users to hesitate.

That said it is true that some permissions really do put people off. Like I've had concerns especially regarding the "history" permission for example. But maybe it's more a matter of messaging, with my Screenity extension I made it very clear that no data was being stored and I reassured users more.

I can look into it again, if it can remove a permission and still perform as well that's definitely worth it for sure. I'll be working on optimizations anyway to make it work faster so it could definitely work.

Also what do you think about using optional permissions, e.g. just require the tabs permission at first (by default tabs and actions), then if a user tries to use something else request an optional permission, also maybe some occasional toasts to nudge users in the right direction. If I'm installing an extension and it wants to read my browsing history, all urls, etc, that's sort of scary. But if I install it then when I turn on a feature it asks for a permission like that, I'll be much more likely to grant it.

In terms of stats btw, they aren't updating, it always takes a few days to show the actual user count. From the dashboard I can see there's over 1000 installs, so I don't know if this permission is really causing users to hesitate.

Oh, that's fair lol, happens to me too

That said it is true that some permissions really do put people off. Like I've had concerns especially regarding the "history" permission for example. But maybe it's more a matter of messaging, with my Screenity extension I made it very clear that no data was being stored and I reassured users more.

I think optional permissions are a huge plus here, that's pretty much what they're meant for, if you show a toast 1/3 random times if the user doesn't have history or bookmarks permissions granted yet, then a big enable button, chances are, they'll grant it.

ezoic increase your site revenue