This is a cool user script.

Thank you !

I do want to encourage anyone running user scripts on their email clients to be very careful.

What about stuff that runs everywhere, including email clients ?

uBO for example, is a much bigger codebase that no random user is gonna read, yet it does run on ProtonMail and there’s no way to be sure no malicious person injected something in there to read people’s emails.

In addition, I also have userscripts that technically do run everywhere, but only do something concrete on some websites, that I don’t have a finite list of URLs for.

For example, Fediverse redirector is a userscript that redirects any Fediverse app instance to the user’s choice. But, any URL may be a Fediverse app, and I need to check it first. Same with Enhancements for Forgejo, this one adds features to Forgejo instances, but any URL could be a Forgejo instance.

if you don’t understand every bit of the script you are opening yourself up to exploitation

Yeah, maybe I should add some comments, and also highlight the import of createFetchInterceptor (still my own code but in a separate file for reusability).

This is the privacy community after all.

* Piracy 😉