
I wonder if we need a non-Turing-complete library for Chrome extensions like we have for some packet filtering libraries and bitcoin script.

No regex.

No loops.

Constrained list of functions.

This could go a long way towards opening up the web to more extensions but also keeping it more secure.

I recently did a rev to the Polar Chrome extension:


and I had to request a new permission for filtering and they're now taking a WEEK to approve any of my updates due to code review.

I really only need to evaluate a URL and add headers.

This doesn't need to be Turing complete.

I basically just need to take an HTTP response and add headers if they're missing when a specific origin is set.

This is where Safari content blocking extensions are now. The extensions register a list of URLs with Safari with instructions to block.

The relevant API is there in Chrome though currently in beta only; see https://developers.chrome.com/extensions/declarativeNetReque...

Why no regex and (bounded) loops? You don't need Turing completeness for either of these.

And what does Turing completeness have to do with security anyway?
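
The use case from the first comment (add response headers that are missing when a specific origin is set), sketched as an added example that is not part of the thread or of any browser API: the rules are plain data, and only the host-side evaluator runs code. The rule format and the names `RULES`, `validateRules` and `applyRules` are hypothetical.

```javascript
// Added illustration: the rule format and all names here are hypothetical.
// A rule is pure data: exact origin match, optional path prefix, headers to add.
// A rule cannot carry a regex, a loop or a function.
const RULES = [ // constructed sample rules
  { origin: "https://example.org", pathPrefix: "/pdf/",
    addIfMissing: { "Access-Control-Allow-Origin": "*" } },
  { origin: "https://static.example.net",
    addIfMissing: { "Cross-Origin-Resource-Policy": "cross-origin" } },
];

const ALLOWED_KEYS = new Set(["origin", "pathPrefix", "addIfMissing"]);
const MAX_RULES = 100; // assumed cap so evaluation cost stays bounded

// Reject anything that is not bounded, well-typed data before it is evaluated.
function validateRules(rules) {
  if (!Array.isArray(rules) || rules.length > MAX_RULES) return false;
  return rules.every((r) =>
    r !== null && typeof r === "object" &&
    Object.keys(r).every((k) => ALLOWED_KEYS.has(k)) &&
    typeof r.origin === "string" &&
    (r.pathPrefix === undefined || typeof r.pathPrefix === "string") &&
    r.addIfMissing !== null && typeof r.addIfMissing === "object" &&
    Object.values(r.addIfMissing).every((v) => typeof v === "string"));
}

// Host-side evaluator: a single pass over the rules, string comparisons only.
function applyRules(rules, url, responseHeaders) {
  const { origin, pathname } = new URL(url);
  const out = { ...responseHeaders };
  // Header names are case-insensitive, so track them in lower case.
  const present = new Set(Object.keys(out).map((h) => h.toLowerCase()));
  for (const rule of rules) {
    if (rule.origin !== origin) continue;
    if (rule.pathPrefix && !pathname.startsWith(rule.pathPrefix)) continue;
    for (const [name, value] of Object.entries(rule.addIfMissing)) {
      if (present.has(name.toLowerCase())) continue; // never overwrite
      out[name] = value;
      present.add(name.toLowerCase());
    }
  }
  return out;
}
```

A reviewer of such an extension only has to read the rule list, since the evaluator ships with the host rather than with the extension.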
