This blog post discusses the current state of web API permissions and argues for a more restrictive "off-by-default" approach. It highlights the Principle of Least Privilege and observes that most websites don't utilize Feature Policy or Permissions Policy effectively. The author suggests that instead of asking "what should I turn off?", developers should ask "what should I enable?". The post details the different permission models, the complexity of managing numerous permissions, and the benefits of a deny-all-then-enable approach. It also acknowledges the drawbacks and the need for tooling and guidance to facilitate this shift in thinking. The author concludes by advocating for intentionality in permission management and encouraging a discussion on the topic.
This tutorial provides a step-by-step guide to building a basic Chrome extension for posting to Google Buzz. We start by setting up the manifest file with the extension's name, version, and browser action details like the icon and tooltip. Then, we introduce a background page to handle the extension's logic, adding an event listener to detect clicks on the browser action button. Initially, we demonstrate how to display the current URL, and then extend the functionality to open a new tab directed to Google Buzz, pre-filled with the current URL for posting. The tutorial concludes by adding the 'tabs' permission to the manifest for enabling tab creation. Future enhancements will include fetching Buzz stats for the current URL, demonstrating cross-domain requests and browser_action interaction.
