Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Couldn't CSP be used to limit which paths were valid URLs?

There could also be hierarchies of extension permissions, because they don't all need to be able to do everything.



extensions can also remove/add CSPs I think, either through modifying the header or modifying the DOM.


Yes, but you could strictly limit which extensions had that permission, make it a site specific permission, etc. Auto disabling an extension that changes to require that permission would be a start.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: