RoxKilly

Results 25 comments of RoxKilly

@beberlei Can the extension you linked to be used without internet access? Meaning can I profile and see my results all locally? Or does this require a paid account or...

@Synzvato If you implement this, consider adding a warning about the danger of importing JavaScript from untrusted sources. To give you ideas, consider how the [Greasemonkey add-on](https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/) handles this same vulnerability. To...

I wasn't suggesting changing the add-on itself when I discussed listing URLs instead of including scripts. The add-on would still come with its bundled scripts. I was talking about the...

> What would prevent a devious package maintainer from simply linking to malicious resources?

Nothing would prevent it, but it wouldn't matter. Suppose the attacker wants to run `bad.js` on...

@stewie Providing mappings instead of the JS content is what I've been advocating for as well. The scripts themselves would be downloaded at bundle install time, and there will be...

@Synzvato Thanks for taking the time to explain. I better understand your position. If you don't want to rely _at all_ on contact with the CDNs and if you're worried...

In my opinion there are deep security concerns in allowing a 3rd party to provide redirect commands to the add-on. All it would take is one evil mapping to, for...

> It could be implemented as an advanced user option (ticking a box, a warning box, etc). As for the security issue I can't see it doing more harm than...

I thought about them too; you're right they're not widespread.

@najjara Oh I get it. I absolutely agree with you; that's also what I suggested but I don't think the author liked the idea of connecting to the CDNs, even...