Table of Contents Previous entry (Q303) Next entry (Q305)
Q304: What permissions are necessary to run Tampermonkey and why?
A304 Tampermonkey requires the following permissions. Some of them might be optional at some browsers and need to be granted only when used.
- "notifications" for
GM_notification, Tampermonkey related notifications
- "tabs" to find the active tab and navigate, create and close tabs in general
- "idle" to not show update notifications if your playing a game
- "webNavigation" install userscripts, check URLs for matching scripts
- "webRequest webRequestBlocking" install userscripts, check URLs for matching scripts, modify request details for
GM_xmlhttpRequest
- "storage" to store your userscripts
- "unlimitedStorage" to store many of your userscripts 🤓
- "contextMenus" for
@run-at context-menu
- "chrome://favicon/" to easily get the favicons of pages
- "clipboardWrite" for
GM_setClipboard
- "cookies"
GM_xmlhttpRequest, GM_cookies
- "<all_urls>" to run your userscripts at every page and to allow them to modify the page
- "downloads"
GM_downloads, storing Tampermonkey backups
In Chrome these permissions translate to:
- Read your browsing history
- Display notifications
- Modify data you copy and paste
Especially the first one looks a little bit strange.
In fact it's not possible for Tampermonkey to get access to your browser history when it is installed.
In theory Tampermonkey could access the history of all currently open tabs and store "new" history once installed, but this is neither needed nor done.
However, because of this fact the Chrome team maybe thought that printing a too broad warning is better than a too flat one. There also is a bug report for this.
In Firefox this translates to
- Access your data for all websites
- Input data to the clipboard
- Download files and read and modify the browser’s download history
- Display notifications to you
- Access browser tabs
- Store unlimited amount of client-side data
- Access browser activity during navigation
