Power users can mess with convoluted settings. Power users can download dev versions (like we already can to use unsigned extensions). And most people will assume "power user" means a small fraction of users, when userscript use is actually fairly high.
While I am a power user, many of those who use my scripts are not. I don't think framing this as a power user issue is the best idea. It is extremely important to developers and users alike that userscripts remain viable in a modern web browser.
There is a reason why, when Firefox changed models, it was made imperative that userscript engines would still work, to the point that Firefox has actually added special userscript APIs to help GreaseMonkey work in as secure a manner as possible, putting its scripts in proper sandboxes. It is not just power users that use userscripts, any more than only power users use Adblock. Removing userscripts nets at most a minor security increase for a large usability decrease. And modifying Tampermonkey's storage from outside of Chrome would invalidate the signing. If a site tries to install a userscript, the user must confirm the script in a rather scary looking dialog. They cannot be added without the user's permission due to current security practices in both Tampermonkey and Chrome. Userscripts are not a widely known malware vector, either. However, these require confirmation from the user at install time, and even further if broad premissions are sought. The only one I can think of being a problem is being able to make a cross-origin HTTP request. Some do use certain extended APIs, but most of these are low risk. The vast majority run entirely in a website's content scope. These scripts are intentionally limited in their abilities. They allow small fixes that extensions are overkill for. Userscripts have been a mainstay of web browsing since at least Firefox 2, before Chrome was even conceived.
It you remove the ability to use userscripts, not only would I have to switch browsers, but I would actively encourage others to do so, so they could continue using my scripts.
0 kommentar(er)
