Shouldn't browsers protect what users write from being seen by the website (like customer support chats) before hitting send? Would it be difficult to implement?
I'm sure its common knowledge by now that whatever you write in text boxes on customer support chats can be seen by whoever is on the other side, without or before hitting send. Don't you think that's a breach of privacy?! I imagine it isn't too difficult to implement a fix for it: The browser (like Firefox) could choose not to upload the user input to wherever the website links to, without user input (like click a send button).
The Firefox extension API explicitly requires user actions before an extension can do things like open popup windows.
That’s generally not how this works. Firefox doesn’t send what you’re typing to the website. Whoever developed the website made JavaScript that monitors the input for changes, and then sends a request to the host with the changes. To Firefox, this is simply two, non suspicious events. The JavaScript wants to see what is typed - that’s reasonable, could be to do some processing or update some text on the website. The website wants to make a http request - also totally fine, could be an API query for a search. There would be no reliable way to stop a website from sending what you type back to the host.
Open notepad or similar locally, write your message, think about it, delete, go back and edit, when you’re ready, copy and paste into the chat window. You can save your side of the chat so that you have a record of what you said.
It's pretty standard to send keypresses to the backend before the user hits submit (otherwise search boxes couldn't do auto completion for example)
You could maybe write an extension that tries to detect the difference between this and a 'full submit' (and block those network requests) but I bet it would be very unreliable