Continuing the discussion from [WebExtensions] Future of innovative add-ons:
Good.
How to make clear that a certain page belongs to a locally-installed add-on the user trusts? This should be implemented because add-ons often handle security-sensitive things and phishing is terrible. Previously we could tell the users the right URIs of the add-on UIs since they are static resource:
or chrome:
addresses. But with WebExtensions all the addresses are randomized, so this is not good for user experience. (Recognizing moz-extension:
part is not enough: you cannot tell the add-on’s name from it)
Resources in WebExtensions should indicate their identities.
Mockup:
This of course should be distinguishable from HTTPS pages or Firefox pages.