5 Commits

Author SHA1 Message Date
avinal 5211fa1f8f fix: resolve all web-ext validation warnings
Bump strict_min_version to 142.0 for data_collection_permissions
support, and replace all innerHTML usage with safe DOM APIs.

Assisted-by: Claude Code
Signed-off-by: Avinal Kumar <avinal.xlvii@gmail.com>
2026-04-28 00:26:01 +05:30
avinal 5c3c917381 feat: change default shortcut to Ctrl+Space and add data collection permissions
Assisted-by: Claude Code
Signed-off-by: Avinal Kumar <avinal.xlvii@gmail.com>
2026-04-28 00:18:57 +05:30
avinal 8bd3577be2 feat: add extension icons and prepare for AMO submission
SVG source icon with generated PNGs at 48/96/128px. Add
browser_specific_settings with gecko ID for Firefox Add-ons.
Restrict CSP img-src to self and data URIs.

Assisted-by: Claude Code
Signed-off-by: Avinal Kumar <avinal.xlvii@gmail.com>
2026-04-28 00:18:56 +05:30
avinal 669d39e1dd fix: postMessage security hardening and highlight grouping
Add per-session nonce to all postMessage exchanges between content
script and iframe, use targeted origin instead of wildcard, add explicit
CSP to manifest. Group consecutive matched characters into single mark
elements to fix visual spacing.

Assisted-by: Claude Code
Signed-off-by: Avinal Kumar <avinal.xlvii@gmail.com>
2026-04-28 00:18:56 +05:30
avinal eae5309843 feat: project infrastructure and MV3 extension setup
TypeScript + esbuild build system, Manifest V3 with background script,
content script for iframe overlay injection, and typed message contracts
between extension contexts.

Assisted-by: Claude Code
Signed-off-by: Avinal Kumar <avinal.xlvii@gmail.com>
2026-04-20 17:14:35 +05:30