NoScripts Commons Library, a collection containing Modules,
Documentation and APIs designed to for cross-browser
development / maintenance of privacy / security extensions.
Add this repository as a Git Submodule and integrate
the include.sh script into your build workflow.
As Google is imposing Manifest V3 on chromium-based browsers
and Mozilla may comply and downgrade their WebExtensions API
for compatibility sake as well, developers now have to struggle with
the limited tool-set that remains.
This library tries to alleviate some of these problems.
This library is also useful in the aspect of porting / maintaining extension
for mobile browser, such as the Fenix Android browser, considering
that often only a small subset of the desktop APIs are supported.
By abstracting the common functionality shared among security and privacy extensions,
providing consistent implementations across multiple browser engines and shielding
developers from the browser-dependent implementation details (which precisely in
the most optimistic scenario, i.e. Firefox keeping its WebExtensions API as powerful
as it is, are doomed to diverge dramatically), this library aims to minimize the added
maintenance burden and mitigate the danger of introducing new, insidious bugs
and security vulnerabilities due to features mismatches and multiple code paths.
Cross-browser issues have a chance to be fixed / worked around in single place,
ideally with the help of multiple developers sharing the same requirements.
The solutions will be subject to automated tests to timely catch regressions,
especially those caused by further changes in the different browser APIs.
The residual browser-specific differences, compromises and corner cases
which couldn't be addressed at all, or without significant performance
penalties, are clearly bench marked and documented, to make both
developers and users well aware of the limitations imposed by each
browser and capable of educated decisions, tailored to their
security and privacy needs.
This transparency should pressure browser vendors into
increasing their support level, when they're publicly shown
to be measurably lacking in comparison to their competitors.
We strive to fix security sensitive issues in the shortest
time possible - hours ideally - while protecting users.
Please report privately to security@noscript.net
To ensure confidentiality and protect users,
please encrypt your report with this PGP key.
3359 0391 70A3 CD9B 25CF 5A46 231A 83AF DA9C 2434