Wladimir Palant

Problems look mighty small from 150 miles up

Posted by Michael on April 25, 2020

According to /c/Users/Michael/Documents/2020/projects/extensions/searchlinkfix/published_extension/unpacked/manifest.json, his official extension still asks for permissions on all websites. That's a little scary. He pretended to remove this (editing the source on GitHub), but didn't actually remove it...

But it seems to be clean. In fact, while looking at just how clean it is, I came across this:

 object.hasOwnProperty(property) // Tests whether an object contains the selected property

 // e.g.: a = {12: 'hi'}; 
 // a.hasOwnProperty(12) // true

 // a.hasOwnProperty('spam') // false

Conclusion: I've become too suspicious.

 While Wladimir only removed the request to access *all* websites from the extension's preferences

 in order to appease the security conscious, and didn't actually remove it from his extension,

 the extension itself is squeaky clean. It asks for access to all URLs just because that's easiest to do

 As any good developer, he's probably just too lazy to customize the stupid permissions request,

  especially since he's already customized, in the source code, the URLs the extension actually accesses

 

 Uh oh, I may have spoken too soon:

  test\google_search.js links to his webpage. But I don't think so. I think this is just in the source (and not in the final extension) to allow for testing

  Yep. Again, absolutely beautiful code. Uses Mocha chai to test that the extension does what it should do

Enjoyed this post?

Get notified when I publish something new. No spam, unsubscribe anytime.