Announcement

Collapse
No announcement yet.

Mozilla's WebExtensions API Is In Good Shape For Firefox 48

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Mozilla's WebExtensions API Is In Good Shape For Firefox 48

    Phoronix: Mozilla's WebExtensions API Is In Good Shape For Firefox 48

    Mozilla has announced that for Firefox 48 their WebExtensions API is considered to be in a stable state. They encourage developers looking to develop browser add-ons to begin using this new API...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite

  • #2
    When my current round of exams is over, I should try out WebExtensions with a uMatrix-like request filter …

    Comment


    • #3
      Does Adblock Plus and NoScript work with it?
      Else I don't care

      Comment


      • #4
        How long to port Canvasblocker, Disconnect, and NoScript to this? A quick Startpage search shows that Canvasblocker and Disconnect are available for Chrome (thus either compatable or easily ported) but NoScript cannot be directly ported to Chrome due to not enough control given to extensions. Extensions similar to NoScript do exist for Chrome but have to encrypt the whitelist with a user provided passphrase to keep websites from snooping it as a fingerprintable item. Apparently Firefox/Xul can protect that list directly, but in Chrome it has to be encrypted to keep the fingerprinting scripts out.

        Will NoScript have to do that for newer versions of Firefox or will it actually get enough capability from the extension system to operate as it does now. Compatability mode as Mozilla proposes would be an option but would slow the browser down and be deprecated from the start. Still could not possibly be as slow as allowing unrestricted, bloated scripts from overweight sites larded with 3ed party content though.

        Comment


        • #5
          Originally posted by Luke View Post
          How long to port Canvasblocker, Disconnect, and NoScript to this? A quick Startpage search shows that Canvasblocker and Disconnect are available for Chrome (thus either compatable or easily ported) but NoScript cannot be directly ported to Chrome due to not enough control given to extensions. Extensions similar to NoScript do exist for Chrome but have to encrypt the whitelist with a user provided passphrase to keep websites from snooping it as a fingerprintable item. Apparently Firefox/Xul can protect that list directly, but in Chrome it has to be encrypted to keep the fingerprinting scripts out.

          Will NoScript have to do that for newer versions of Firefox or will it actually get enough capability from the extension system to operate as it does now. Compatability mode as Mozilla proposes would be an option but would slow the browser down and be deprecated from the start. Still could not possibly be as slow as allowing unrestricted, bloated scripts from overweight sites larded with 3ed party content though.
          You might find the following paragraphs of the Mozilla blog post interesting:
          We last updated you on our progress with WebExtensions when Firefox 47 landed in Developer Edition (Aurora), and today we have an update for Firefox 48, which landed in Developer ...

          In Firefox 48 we pushed hard to make the WebRequest API a solid foundation for privacy and security add-ons such as Ghostery, RequestPolicy and NoScript. With the current implementation of the onErrorOccurred function, it is now possible for Ghostery to be written as a WebExtension. The addition of reliable origin information was a major requirement for existing Firefox security add-ons performing cross-origin checks such as NoScript or uBlock Origin. This feature is unique to Firefox, and is one of our first expansions beyond parity with the Chrome APIs for WebExtensions.
          Although requestBody support is not in Firefox 48 at the time of publication, we hope it will be uplifted. This change to Gecko is quite significant because it will allow NoScript’s XSS filter to perform much better as a WebExtension, with huge speed gains (20 times or more) in some cases over the existing XUL and XPCOM extension for many operations (e.g. form submissions that include file uploads).

          Comment


          • #6
            Luke
            Your question would be something more suited in the Mozilla blog post:
            We last updated you on our progress with WebExtensions when Firefox 47 landed in Developer Edition (Aurora), and today we have an update for Firefox 48, which landed in Developer ...


            Does the following information give you some answers:
            In Firefox 48 we pushed hard to make the WebRequest API a solid foundation for privacy and security add-ons such as Ghostery, RequestPolicy and NoScript. With the current implementation of the onErrorOccurred function, it is now possible for Ghostery to be written as a WebExtension.
            The addition of reliable origin information was a major requirement for existing Firefox security add-ons performing cross-origin checks such as NoScript or uBlock Origin. This feature is unique to Firefox, and is one of our first expansions beyond parity with the Chrome APIs for WebExtensions.
            Although requestBody support is not in Firefox 48 at the time of publication, we hope it will be uplifted. This change to Gecko is quite significant because it will allow NoScript’s XSS filter to perform much better as a WebExtension, with huge speed gains (20 times or more) in some cases over the existing XUL and XPCOM extension for many operations (e.g. form submissions that include file uploads).
            The Content Security Policy part of the blog post might be interesting for you too.

            Comment


            • #7
              Originally posted by plonoma View Post
              Luke
              Your question would be something more suited in the Mozilla blog post:
              https://blog.mozilla.org/addons/2016...in-firefox-48/

              Does the following information give you some answers:


              The Content Security Policy part of the blog post might be interesting for you too.
              This is good news for me and for those who use Firefox for security reasons. Ghostery has another bug: its code has reportedly been closed, so I replaced it with Disconnect. Disconnect isn't as sophisticated but seems to work with combined with NoScript, Canvasblocker, and that long /etc/hosts file I use to block known malicious servers. If the new Firefox works with all layers of my defenses before the old versions stop working than I don't get forced to pin Firefox and rely only on these defenses against exploits.

              What I really don't want is to have to limit all online activity to sites I trust enough to personally whitelist (blocking all others), though that has been under consideration the way things are going. A current FIrefox with all security extensions remaining available and Mozilla keeping their instruction page for shutting off all of the browser's default automated connections up to date go a long way.

              I like that page, now let's see Google post a page on how to make Chrome invisible to Google's own trackers. Google can step up to the plate or continue to be sent home...

              Comment


              • #8
                And we get closer to the time I will have to stop tracking FF updates and probably then SeaMonkey updates (last thing I heard from SM it sounded like they didn't feel they could maintain a full fork). Shit. I wonder just how many releases they will overlap between stable WebExtensions and removing XUL extensions?

                Comment


                • #9
                  this isnt new News, its been known for years Mozilla were gonna get rid of XUL Based Extensions. the New Extensions will be rather like Chromes, LIMMITED as to what they can do. Basically HTML based Extensions ,

                  Comment


                  • #10
                    Originally posted by Anvil View Post
                    this isnt new News, its been known for years Mozilla were gonna get rid of XUL Based Extensions. the New Extensions will be rather like Chromes, LIMMITED as to what they can do. Basically HTML based Extensions ,
                    see a few posts above yours, they crafted this API keeping in mind the usage of the most known privacy and security extensions, like noscript, ublock origin and company.

                    They seem to not have gone the Chrome way yet. Would have been a suicide.

                    Comment

                    Working...
                    X