diff --git a/docs/permissions.md b/docs/permissions.md new file mode 100644 index 00000000..8156c746 --- /dev/null +++ b/docs/permissions.md @@ -0,0 +1,31 @@ +# Yomichan Permissions + +* ``
+ Yomichan requires access to all URLs in order to run scripts to scan text and show the definitions popup, + request audio for playback and download, and connect with Anki. + +* `storage` and `unlimitedStorage`
+ Yomichan uses storage permissions in order to save extension settings and dictionary data. + `unlimitedStorage` is used to help prevent web browsers from unexpectedly + deleting dictionary data. + +* `webRequest` and `webRequestBlocking`
+ Yomichan uses these permissions to ensure certain requests have valid and secure headers. + This sometimes involves removing or changing the `Origin` request header, + as this can be used to fingerprint browser configuration. + +* `nativeMessaging`
+ Yomichan has the ability to communicate with an optional native messaging component in order to support + parsing large blocks of Japanese text using + [MeCab](https://en.wikipedia.org/wiki/MeCab). + The installation of this component is optional and is not included by default. + +* `clipboardWrite`
+ Yomichan supports simulating the `Ctrl+C` (copy to clipboard) keyboard shortcut + when a definitions popup is open and focused. + +* `clipboardRead` (optional)
+ Yomichan supports automatically opening a search window when Japanese text is copied to the clipboard + while the browser is running, depending on how certain settings are configured. + This allows Yomichan to support scanning text from external applications, provided there is a way + to copy text from those applications to the clipboard. diff --git a/ext/bg/js/permissions-main.js b/ext/bg/js/permissions-main.js new file mode 100644 index 00000000..3e46c3f2 --- /dev/null +++ b/ext/bg/js/permissions-main.js @@ -0,0 +1,87 @@ +/* + * Copyright (C) 2020 Yomichan Authors + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/* global + * api + */ + +async function setupEnvironmentInfo() { + const {browser, platform} = await api.getEnvironmentInfo(); + document.documentElement.dataset.browser = browser; + document.documentElement.dataset.os = platform.os; +} + +async function isAllowedIncognitoAccess() { + return await new Promise((resolve) => chrome.extension.isAllowedIncognitoAccess(resolve)); +} + +async function isAllowedFileSchemeAccess() { + return await new Promise((resolve) => chrome.extension.isAllowedFileSchemeAccess(resolve)); +} + +async function hasPermissions(permissions) { + return await new Promise((resolve) => chrome.permissions.contains({permissions}, resolve)); +} + +async function setPermissionsGranted(permissions, shouldHave) { + const has = await hasPermissions(permissions); + if (shouldHave === has) { return has; } + + return await ( + shouldHave ? + new Promise((resolve) => chrome.permissions.request({permissions}, resolve)) : + new Promise((resolve) => chrome.permissions.remove({permissions}, (v) => resolve(!v))) + ); +} + +(async () => { + try { + document.querySelector('#content-scroll-focus').focus(); + document.querySelector('#extension-id-example').textContent = chrome.runtime.getURL('/'); + + api.forwardLogsToBackend(); + await yomichan.prepare(); + + setupEnvironmentInfo(); + + const permissionsCheckboxes = [ + document.querySelector('#permission-checkbox-clipboard-read'), + document.querySelector('#permission-checkbox-allow-in-private-windows'), + document.querySelector('#permission-checkbox-allow-file-url-access') + ]; + + const permissions = await Promise.all([ + hasPermissions(['clipboardRead']), + isAllowedIncognitoAccess(), + isAllowedFileSchemeAccess() + ]); + + for (let i = 0, ii = permissions.length; i < ii; ++i) { + permissionsCheckboxes[i].checked = permissions[i]; + } + + permissionsCheckboxes[0].addEventListener('change', (e) => { + setPermissionsGranted(['clipboardRead'], e.currentTarget.checked); + }); + + await promiseTimeout(100); + + document.documentElement.dataset.loaded = 'true'; + } catch (e) { + yomichan.logError(e); + } +})(); diff --git a/ext/bg/permissions.html b/ext/bg/permissions.html new file mode 100644 index 00000000..a1138aee --- /dev/null +++ b/ext/bg/permissions.html @@ -0,0 +1,144 @@ + + + + + + Yomichan Permissions + + + + + + + + + + + + +
+
+ + + +

Yomichan Permissions

+ +

+
+
+
+
<all_urls>
+
+ Yomichan requires access to all URLs in order to run scripts to scan text and show the definitions popup, + request audio for playback and download, and connect with Anki. +
+
+
+
+
+
storage and unlimitedStorage
+
+ Yomichan uses storage permissions in order to save extension settings and dictionary data. + unlimitedStorage is used to help prevent web browsers from unexpectedly + deleting dictionary data. +
+
+
+
+
+
webRequest and webRequestBlocking
+
+

+ Yomichan uses these permissions to ensure certain requests have valid and secure headers. + This sometimes involves removing or changing the Origin request header, + as this can be used to fingerprint browser configuration. +

+

+ Example: Origin: +

+
+
+
+
+
+
nativeMessaging
+
+ Yomichan has the ability to communicate with an optional native messaging component in order to support + parsing large blocks of Japanese text using + MeCab. + The installation of this component is optional and is not included by default. +
+
+
+
+
+
clipboardWrite
+
+ Yomichan supports simulating the Ctrl+C (copy to clipboard) keyboard shortcut + when a definitions popup is open and focused. +
+
+
+
+
+
clipboardRead (optional)
+
+ Yomichan supports automatically opening a search window when Japanese text is copied to the clipboard + while the browser is running, depending on how certain settings are configured. + This allows Yomichan to support scanning text from external applications, provided there is a way + to copy text from those applications to the clipboard. +
+
+
+ +
+
+
+
+
Allow in private windows (optional)
+
+

+ When enabled, Yomichan is able to scan text and show definitions in private/incognito web browser windows. +

+

+ This option can be configured from the web browser's extension settings pages. +

+
+
+
+ +
+
+
+
+
Allow access to file URLs (optional)
+
+

+ When enabled, Yomichan is able to scan text and show definitions on local HTML files located using the file://* scheme. +

+

+ This option can be configured from the web browser's extension settings pages. +

+
+
+
+ +
+
+
+ +
+ +
+
+ + + + + + + + + + +