• Arthur Besse@lemmy.ml
    link
    fedilink
    English
    arrow-up
    13
    ·
    edit-2
    15 days ago

    This add-on is not actively monitored for security by Mozilla. Make sure you trust it before installing.

    It’s pretty lame that Mozilla’s addons site still doesn’t show source code which is guaranteed to correspond to the binary you’re installing.

    Anyway, I went and read the source on github (which probably corresponds to the extension one can install) and while this part seems very straightforward this other part exceeds my understanding 😂 (i’m not suggesting it is malicious, i just don’t understand everything it is doing there or why it is necessary).

    What I was really looking at the source for was to see if they were simulating keystrokes (and inserting plausible delays between them) to defeat a more determined anti-pasting adversary, or if they were simply suppressing the hostile website’s onPaste handler so that pastes can happen as normal. And: they are doing the latter.

    I wonder if any paste-blocking websites detect and defeat this extension yet?