quick-javascript-switcher QJS permissions explained

Hello Quick Javascript Switcher users! As some of you ask me to explain the permissions, here is a detailled topic:

Read all sites data

Differences between v1 and v2

First thing, you should know that QJS v2 requires exactly the same permissions than QJS v1, except the debugger permission.

You can find the v2 permissions here: https://github.com/maximelebreton/quick-javascript-switcher/blob/06bc1056e0ec5989d81dcfdab0989bcf98a1bf86/src/manifest.js#L8-L15

And the v1 permissions here: https://github.com/maximelebreton/quick-javascript-switcher/blob/766bde50411d36f70bfa79321a61adcae8fc444b/src/manifest.json#L14-L19

Tabs permission

Read and change your data on all websites
Change the settings that control websites access to features such as ... JavaScript

It's too much permission, I know, and I tried to do the Job with a restricted activeTab permission (commented here...), but it was too restrictive.

With activeTab permission you need to click on the extension icon to authorize it on the tab. And it's not authorized by url, or domain, it's by tab...
So if you close the tab, you need to reactivate the extension on this tab again, and at each time.
So you can't see the JS state of the tab until you click on it, and it's a big UX problem for me:

So I had to make a choice, better UX or better permissions? I've opted for better UX.

Because the code is Open Source, so you can looking at the code, and I think it's a good warranty.
For example, check the use cases of chrome.tabs:

[!IMPORTANT] If someone can give me a better solution to reduce the permission, without loosing UX, i'm very interested.

Debugger permission

This permission was required for the new pause/resume JS feature, but removed since 2.1.0 because users complain about this permission, and it seems that the feature is not very useful.

Oct 21 '24 09:10 maximelebreton

What is the purpose of switching to v2 in the first place? Is it the requirement by Google to move to Manifest v3?

If so, I've made the decision to stay on Chrome until they fully remove support for Manifest v2, at which time I'll switch browsers. My point here is that I'd like to be able to go back to the less permissive v1 version of this extension. It fit my needs extremely well for many years.

Oct 21 '24 20:10 pastudan

First of all, thanks a lot for the extension!. I used it for many years and didn't expect any updates. For me this was finished product. Didn't expect anything more from it.

`debugger` permission

Could you shed some light on "new pause/resume JS feature"? I guess that's the main concern for security aware users (additional permission debugger).

Manifest V2->V3 switch is one thing. If it was possible to do it without permission changes this is what I would do.

How to use old version

For those who don't care about V3 or new features, you should be able to find old version here: %APPDATA%\..\Local\Google\Chrome\User Data\Default\Extensions\geddoclleiomckbhadiaipdggiiccfje\1.4.12_0

Just copy it to safe place and load it manually into chrome. You will lose extension sync ability (won't appear on other machines) but that's the price I can pay for now.

Oct 23 '24 13:10 alan-null

This permission is required for the new pause/resume JS feature.

I don't know about that... After accepting the permission naively, and discovering the issue where I couldn't re-enable JS, I switched to another extension called "Toggle JavaScript" that doesn't require this feature.

"Quick JavaScript Switcher" worked well for years, but this new update soured me on it, and I didn't like the new context menu.

Oct 24 '24 17:10 jzombie

Like @jzombie the extension cannot toggle and is now stuck in the respective state for each site. Sites left disabled cannot toggle to enabled and vice-versa.

Oct 25 '24 16:10 cpboyd

I switched to another extension called "Toggle JavaScript" that doesn't require this feature.

I tried that one. A simple on/off switch could work, but on a larger screen it's not visible whether JS is toggled on or off (even worse than the new QJS switch).

Oct 26 '24 11:10 jb222

Like others here, I've been using QJS for a long time. I do not agree with these permissions even for better UX. Thanks for a stable time maximelebreton. Take it easy!

Oct 29 '24 01:10 TTTTTuna

Hello everybody, I understand your concerns about this v2

I'm gonna create a Chrome Webstore page with the v1 version for those who wants to stay on it
If the pause/resume JS feature isn't worth requesting a new debugger permission, I'll consider to remove this feature, and maybe creating an additional extension to support only this pause/resume feature
For the tabs permission (wich was already in the v1), I don't think it's a good move to restrict the extension to activeTab (for UX reasons I explained above), even if I totally understand the fear about this permission, but I think the open sourced code is a good answer to it.

What do you think?

I'm working on QJS on my free time, so it may take few days, thanks for your patience.

Oct 30 '24 18:10 maximelebreton

I think uploading the old v1 exactly as it was is a fantastic idea. Thanks again for the extension @maximelebreton!

Oct 31 '24 00:10 pastudan

Arf, everything was ready to publish, but Chrome webstore doesn't allow to upload a Manifest V2 extension anymore...

Sorry guys, Google is stopping me from uploading the v1 again (and any extension with manifest v2)...

But I just uploaded a v2.1.0 on the Chrome webstore with the removed "debugger" permission (and so the play/pause feature), and fixed some bugs.

Nov 01 '24 12:11 maximelebreton

I'd prefer play pause, even if it needs debugger permissions. Even if I have to install from github. What I really really want is a way to atuomatically kill javascript/release resources after the page has been idle for a period of time

Nov 12 '24 01:11 AJolly