I’m sure its common knowledge by now that whatever you write in text boxes on customer support chats can be seen by whoever is on the other side, without or before hitting send. Don’t you think that’s a breach of privacy?! I imagine it isn’t too difficult to implement a fix for it: The browser (like Firefox) could choose not to upload the user input to wherever the website links to, without user input (like click a send button).
The Firefox extension API explicitly requires user actions before an extension can do things like open popup windows.
That’s generally not how this works. Firefox doesn’t send what you’re typing to the website. Whoever developed the website made JavaScript that monitors the input for changes, and then sends a request to the host with the changes. To Firefox, this is simply two, non suspicious events. The JavaScript wants to see what is typed - that’s reasonable, could be to do some processing or update some text on the website. The website wants to make a http request - also totally fine, could be an API query for a search. There would be no reliable way to stop a website from sending what you type back to the host.