Monday, December 4, 2023

Disabled Safari Extensions Are Not Fully Disabled

Jeff Johnson:

The good news is that when you navigate to a new page in a Safari tab after disabling the extension, its content script won’t get injected into the new page. The bad news is that if you navigate back to the old page with Safari’s back button, the disabled extension’s injected content script remains in the cache of the old page.

Following Nick Heer’s workaround, when you subsequently reenable StopTheMadness after updating to the latest version in the App Store while Safari is still open, Safari injects the updated extension’s content script and style sheet into open web pages that the extension has permission to access, which is typically all of them, including the pages with leftover content scripts from the previous version of the extension. Consequently, an App Store update can leave you with two different versions of the extension’s content script running simultaneously in the same web pages! This is a very undesirable situation, because the two competing scripts could conflict in unpredictable ways.

[…]

You may be wondering, since the App Store allows you to update Safari web extensions without quitting Safari, how do they avoid the issues faced by StopTheMadness and other Safari app extensions? The answer, surprisingly, is that they don’t!

[…]

In my testing, Chrome (1) does not inject the extension’s content scripts into open web pages when enabling the extension, (2) does not disable the extension’s content scripts when disabling the extension, and (3) does not include the disabled extension’s content scripts in the page cache. Firefox (1) does inject the extension’s content scripts into open web pages when enabling the extension, (2) does disable the extension’s content scripts when disabling the extension, and (3) does not include the disabled extension’s content scripts in the page cache (because of 1).
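The two-versions-in-one-page situation described above can be defended against inside the content script itself. The following is an added example, not code from StopTheMadness or from the quoted post: each injected instance claims a marker on the shared DOM, and an older instance stands down when a newer or later one has claimed it, including after a back/forward-cache restore. The attribute name, version strings and `teardown` callback are assumptions.

```javascript
// Added example: instance guard for a content script (all names are constructed).
const CLAIM_ATTR = "data-example-ext-claim"; // hypothetical attribute name

// Compare dotted version strings numerically: returns <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// One guard per injected instance. `root` is document.documentElement, which
// all instances share even though each runs in its own isolated JS world.
// The page can also write this attribute: it coordinates, it does not authenticate.
function createInstanceGuard(root, version, teardown) {
  const token = version + "#" + Math.random().toString(36).slice(2);
  let active = true;
  const guard = {
    token,
    isActive: () => active,
    // Re-read the shared claim; stand down if another instance of equal or newer version owns it.
    check() {
      if (!active) return false;
      const claim = root.getAttribute(CLAIM_ATTR);
      if (claim && claim !== token &&
          compareVersions(claim.split("#")[0], version) >= 0) {
        active = false;
        teardown(); // remove listeners, observers and injected styles here
      }
      return active;
    },
  };
  // Take the claim unless a strictly newer version already holds it.
  const existing = root.getAttribute(CLAIM_ATTR);
  if (!existing || compareVersions(existing.split("#")[0], version) <= 0) {
    root.setAttribute(CLAIM_ATTR, token);
  } else {
    guard.check();
  }
  return guard;
}

// Browser wiring ("1.0.0" is a constructed version): re-check on cache restore.
if (typeof document !== "undefined") {
  const guard = createInstanceGuard(document.documentElement, "1.0.0", () => {});
  window.addEventListener("pageshow", (e) => { if (e.persisted) guard.check(); });
}
```

Call `guard.check()` before any action the script takes, so a leftover instance stops as soon as it notices a successor. The guard only resolves duplicate instances; it does not by itself detect that the extension was disabled with no replacement injected.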

Update (2023-12-19): Andrew Abernathy:

In general, I’m very happy about the new level of security protection on Safari extensions, allowing me to approve access for just one day. But it didn’t register to me that when I approved access for a day, it didn’t then go ahead and perform the extension’s action. I thought I had saved a bunch of items to Instapaper, but no, I have to click the toolbar button again after responding to this alert.
