Following up on browser extension discussion.
I’m inclined towards extensions because of the potential to off-load a significant amount of browser logic development and cross-platform concerns. I’d like to hash out the security issues that are unique to extensions and which do not apply to our current browser software.
webRequest API, a SAFE extension could intercept
HTTP/S requests and prevent fulfillment. The question is whether this is acceptable according to Add-on Policies. If this behavior violates extension policy then the rest doesn’t even matter.
As far as difficulty of development, the Firefox team makes their API’s in common with Chrome and Opera, with some minor differences in the prime configuration file. So cross-browser support would become our concern instead of cross-platform support with much less effort, iff we didn’t need what extensions call Native Messaging.
Leading into the next issue: relying on dynamically linked libraries, which we do in
safe_app_nodejs and the browser to call
We’d need an executable running natively, which the extension can communicate with using Native Messaging, to call operations exposed by our dynamically linked libraries.
This wouldn’t be difficult just time-consuming to rework communication and authentication flow, let alone the the QA to ensure that the extension correctly handled installation and registration of native binaries according to platform. Although the time spent may balance out by time saved from offloading onto Firefox and Chrome.
I’m also inclined to conclude that we shouldn’t put time and effort into extension development at this particular time because I think the time would be better spent on things like low-level data migration and management tools, improving the RDF API, and in general support for developers over end-users.