This is a little concerning.
I definitely appreciate your concern. This warning does seem excessive, considering the extension’s limited functionality, which only allows opening URLs in Arctic. This is Apple being thorough and transparent about the capabilities of Safari extensions.
Safari extensions are written in JavaScript, which is injected into the webpage. Injecting code into a website theoretically enables the theft of information entered on that website.
Open In Arctic performs several tasks:
- It monitors URL changes.
- It checks if the URL matches a regular expression for a Lemmy post, comment, user, or community.
- It verifies that the server responds to Lemmy API endpoints.
- It opens the URL in Arctic or displays a banner on the webpage with an “Open” button.
Unfortunately, I cannot hard-code the sites on which the extension operates due to Lemmy’s defederated nature. Therefore, it is up to the user to restrict which pages the extension can access. Regrettably, this means that the warning will be displayed frequently unless the user allows the extension access to all sites.
As an alternative, you can disable the Safari extension and use the “Open In Arctic” action from the share menu. The Safari extension is solely for convenience.
I have experienced that AdGuard allows to separate the access levels especially if you’re only looking for URLs but some note about it might at least provide a peace of mind.
I noticed that as well. Unfortunately the extension needs its current permissions to open the URL in Arctic. I could monitor the URL without code injection, but there is no way to open the url without code injection. I wish apple would allow showing native views or alerts without needing to inject code as that would be perfect for this situation.
There is not exactly a good place to add a description explaining the access permissions. If I add it in the extension popup, it would only show after allowing it to run. Alternatively, I can add a more detailed description in the settings page, but the user will have to manually go to the settings page to see the description. It would be nice if I could add info to the alert like with photos access, but that is not possible with extensions.
Alas, I’ll add some information about this somewhere.
Ok
