Locking down in-app browsers seems like a reasonable trade-off. Kind of surprised it wasn't the case before, since browser extensions have had site permissions for ages now.
One could just follow what browsers do for extensions: have the developer specify a list of all the hostnames that they want to enable script injection on in a manifest, and ask for permissions at the start. Anything not on the list must be loaded via a sandboxed browser.
Keeps legitimate uses functional while preventing broad script injection.
One could just follow what browsers do for extensions: have the developer specify a list of all the hostnames that they want to enable script injection on in a manifest, and ask for permissions at the start. Anything not on the list must be loaded via a sandboxed browser.
Keeps legitimate uses functional while preventing broad script injection.