As a novice plugin developer, it is impossible to have permissions cleared after my plugin is installed initially. I unintentionally invoked the Script Injection Permissions because I arranged my plugin in a certain way (the parent as a script rather than a folder – this deserves a whole new post). I changed the structure and I didn’t see a difference in the permission visibility under the plugin management, even after uninstalling and reinstalling the plugin:
I expected that once the system isn’t invoked, the preexisting permissions would get cleared after reinstalling. But since it stayed, it led me to believe that the red flag was something else. This not only created confusion, but it also sullied my plugin’s perception of security since having to accept such permissions is a bit alarming.
It wasn’t until I made a dummy plugin that I realized that even after removing the red flag, the permission for that very plugin still stays. I had to publish it as a new dummy plugin to see that no permissions were needed. This is inconvenient and a bit misleading.
Of course, if the system was to still get invoked, then it should just re-prompt the allow/deny modal instead of assuming the initial choice.
If this gets changed, it would improve my plugin experience as a developer because I can have my plugins’ permissions cleared without having to go through the hassle of publishing it as an entirely new plugin. All that existing users would have to do is reinstall. Seeing the permissions clear is like removing a stain, which would allow the surface to shine (i.e. allowing a plugin to establish a sense of security).
Thank you for reading this,
And have a great 2021!