NoScript interfering with other webextensions

[Langenscheiss]

Hi.

As some (including me) have already reported, NoScript is intefering with the functionality of other webextensions.

As, for example, reported here

https://forums.informaction.com/viewtop ... 10&t=23993

and as I have reported on hackademix multiple times, there is currently an issue with extensions using http requests, in the sense that they are blocked if they originate from a content script.
Mozilla Firefox explicitly allows for webrequests from content scripts if they respect the same-origin policy:

https://developer.mozilla.org/en-US/Add ... nt_scripts

(see under xhr). Now, I am not sure whether the api currently offers any way to distinguish between xhr from content scripts and xhr coming from the websites themselves. Also, I am not sure whether the addition of content.XML requests in the next version of firefox will change the situation. However, if there is a way to fix this, No Script should really make use of this.

From the point of view of security, I see it the following way:
WebExtensions are, by definition, privileged. If you download and install an extension from the Mozilla portal, it has gone through code review, meaning that it has at least been checked for any malicious practices. If you download and install an extension from an untrusted source, you will still be informed on installation what permissions the extensions is requesting, and other than that, this is your own conscious decision. Now it's in principle not a totally bad idea that NoScript has some kind of "child protection" against those potentially malicious extensions, but there should be an option to permanently turn that protection off. Other extensions should be allowed to operate within the boundaries set by the browser and by the websites they are interacting with.
Or in other words: why should I sacrifice all functionality offered by my favourite, legitimate extension. Security is important, but really to the point where it completely breaks my workflow? In fact, one of the biggest advantages of legacy NoScript was that it did not interfere with other extensions. Given the above linked example, it allows you to download citations while still blocking all website-related scripts, offering more security and better workflow at the same time. In particular in cases where all the scripts originating from the website turn the latter almost unusable (yes, those websites exist, more than enough of them).

[Langenscheiss]

The "temporarily allow set top-level sites to TRUSTED" option makes my extension work again.