Only allow PageExtender to run on specific sites #23

Open
habibalamin opened this issue Mar 4, 2023 · 2 comments

@habibalamin

As an example, here's PageExtender:

Screenshot 2023-03-04 at 20 54 17

and here's SponsorBlock:

Screenshot 2023-03-04 at 20 53 37

I need to make a fix to a specific webpage, which I can do with a simple polyfill, but PageExtender requires me to allow it to see my entire browsing history, passwords, phone numbers, credit cards, etc. on all sites.

@gingerbeardman

gingerbeardman commented Mar 4, 2023

I'm just a user... and a former Apple engineer... here is my experience fwiw.

This is boilerplate text from Apple/Safari when the extension needs to be able to modify the page (to inject your polyfill JS).

What it comes down to is "do you trust the developer?" or, perhaps, "is the code doing anything nefarious?" and the code is in this repo for you to check. Or in the app if you want to inspect its contents.

Related reading:

With some extensions you can enable/ask for permission per-domain, such as one I use called Super Agent. Not sure if that feature or type of permissions could be retrofitted into PageExtender. I guess this is your request, right?

@habibalamin
Author

habibalamin commented Mar 5, 2023

Sure, I understand that, for most users, they'll probably just want to enable it on all sites by default so that if they ever need to add a script or stylesheet for any given domain, they can just create the file and be done with it.

I used to use a similar extension in the past called Stylish, IIRC, which ended up getting sold off to SimilarWeb and essentially used as a mechanism to mine sensitive user data without their consent or knowledge. I forget most of the details, but IIRC, I never added that many styles, I think I even had zero for most of the time I had it installed, so I thankfully had disabled it before it got sold off (if the Safari version was even by the same author and got sold as well). I think it even was open source at the time as well, but I'm not sure. For anyone who'd had it enabled, tightly restricting its access to only the one or two sites they used it on would have saved a lot of people.

Either way, I could read through the source, then build this extension locally, and go through whatever hoops I have to go through to allow Safari to install an unsigned extension so I can trust it, or I could just get an easy to install auto-updated App Store version with restricted access. Of course, it's not perfect, but I think this would be a huge step for privacy/security with much less of a convenience hit than the current security-minded option.

And yes, you understood my request correctly.
