Plugin historically referred to NPAPI (Netscape Plugin API), and later PPAPI (Pepper Plugin API) which were used for Flash, Silverlight and such. This historical reason was what distinguished between plugin and extension. The practice still continues today with H264 and Widevine even though they no longer uses NPAPI/PPAPI.
"Plugin" generally refers to adding custom code to the browser itself, as a dynamic library or something, with the full ability to do anything the browser can do (i.e., it's equivalent to downloading an application). Plugins are usually written in a language like C.
"Extension" generally refers to code given limited access to certain APIs, a bit more generous than the access given to an individual web page but much closer to that model. Extensions are usually written with web languages like JS and HTML.
The multi-decade security trainwreck that was Flash was possible because it was a plugin - both in that bugs that corrupted the code could let an attacker run unrestricted code on your machine as if they'd gotten you to run a malicious application, and in that Flash was on its own for implementing rules like "can this website download files from this other website," so it was often possible to break the web's security model via Flash. Extensions go through the browser core to do all their work, just like JS on a website.
Conversely - Flash allowed doing a whole lot of cool things back when the web platform was nowhere near as capable. An extension can't directly access, say, the clipboard; it has to go through a browser API to do that. But back when there was no browser API, Flash could access the clipboard just like any other program on your computer.
Plugins were native code, usually running under NPAPI.
Extensions or Add-ons running with WebExtensions API are HTML/JS/CSS and have way less access to your machine. They run in a sandbox with very specific fine-grained control over permissions and capabilities.
It's mostly a historical term of art: Browser plugins refers to NSAPI plugins (and could also refer to OLE/ActiveX plugins), which is older and now obsolete, and is based on plugging native code in compiled binary dynamic libraries into the existing browser app (or OLE control container), without necessarily requiting an extension language like JavaScript / Visual Basic.
Browser extensions refer to more recent JavaScript centric extension techniques (like the older Firefox XUL extensions, and more modern Chrome/etc extensions), using JavaScript as a browser extension language, throwing in some XML and CSS, and coding most if not all of the plugin in JavaScript, instead of linking compiled binary code.
Python makes a distinction between "embedding" and "extending", that doesn't map directly into the browser plugin/extension dichotomy, but is kind of similar -- it's a question of "who's on top", and embedding usually implies some extending:
Extending Python means building modules that Python code can import to access the features the modules supply. Embedding Python means executing Python code from an application coded in another language. For such execution to be useful, Python code must in turn be able to access some of your application’s functionality. In practice, therefore, embedding implies some extending, as well as a few embedding-specific operations. [...]
>This document describes how to write modules in C or C++ to extend the Python interpreter with new modules. Those modules can not only define new functions but also new object types and their methods. The document also describes how to embed the Python interpreter in another application, for use as an extension language. Finally, it shows how to compile and link extension modules so that they can be loaded dynamically (at run time) into the interpreter, if the underlying operating system supports this feature.
It's best to define these words with feelings, and I feel like plugins are like a little box that is free to do "plugin" things within the box, but is otherwise merely co-existing within the browser, rather than integrating. Things like Flash, Silverlight, Java, etc. always did their own thing. Extensions are often tightly integrated into browser functionality, with interactions potentially happening in both directions. Custom buttons on the toolbar or context menu, with extensive access to your browser profile and perhaps cross-cutting concerns.
Another way to think of it is something you just plug in and use, like a vacuum cleaner. But an extension needs access to the browser API and may entangle itself.
I'm sure there are exceptions to those boundaries, such as Javascript being enabled to interact with Flash applications, but a plugin might operate without any real crossover with the browser functionality beyond existing in a window.
I was always explaining this on our local community forums in the early years of Firefox presence like this: extension extends the program on functionality, while plugins allows you to use other piece of software or its part within the browser
neogodless|4 years ago
chrisseaton|4 years ago
What's the difference between an 'extension' and a 'plugin' in your eyes? These words seem semantically indistinguishable.
sirn|4 years ago
geofft|4 years ago
"Extension" generally refers to code given limited access to certain APIs, a bit more generous than the access given to an individual web page but much closer to that model. Extensions are usually written with web languages like JS and HTML.
The multi-decade security trainwreck that was Flash was possible because it was a plugin - both in that bugs that corrupted the code could let an attacker run unrestricted code on your machine as if they'd gotten you to run a malicious application, and in that Flash was on its own for implementing rules like "can this website download files from this other website," so it was often possible to break the web's security model via Flash. Extensions go through the browser core to do all their work, just like JS on a website.
Conversely - Flash allowed doing a whole lot of cool things back when the web platform was nowhere near as capable. An extension can't directly access, say, the clipboard; it has to go through a browser API to do that. But back when there was no browser API, Flash could access the clipboard just like any other program on your computer.
soapdog|4 years ago
Extensions or Add-ons running with WebExtensions API are HTML/JS/CSS and have way less access to your machine. They run in a sandbox with very specific fine-grained control over permissions and capabilities.
DonHopkins|4 years ago
Browser extensions refer to more recent JavaScript centric extension techniques (like the older Firefox XUL extensions, and more modern Chrome/etc extensions), using JavaScript as a browser extension language, throwing in some XML and CSS, and coding most if not all of the plugin in JavaScript, instead of linking compiled binary code.
Python makes a distinction between "embedding" and "extending", that doesn't map directly into the browser plugin/extension dichotomy, but is kind of similar -- it's a question of "who's on top", and embedding usually implies some extending:
https://www.oreilly.com/library/view/python-in-a/97814919138...
Extending Python means building modules that Python code can import to access the features the modules supply. Embedding Python means executing Python code from an application coded in another language. For such execution to be useful, Python code must in turn be able to access some of your application’s functionality. In practice, therefore, embedding implies some extending, as well as a few embedding-specific operations. [...]
https://docs.python.org/3/extending/index.html
>This document describes how to write modules in C or C++ to extend the Python interpreter with new modules. Those modules can not only define new functions but also new object types and their methods. The document also describes how to embed the Python interpreter in another application, for use as an extension language. Finally, it shows how to compile and link extension modules so that they can be loaded dynamically (at run time) into the interpreter, if the underlying operating system supports this feature.
wearywanderer|4 years ago
neogodless|4 years ago
Another way to think of it is something you just plug in and use, like a vacuum cleaner. But an extension needs access to the browser API and may entangle itself.
I'm sure there are exceptions to those boundaries, such as Javascript being enabled to interact with Flash applications, but a plugin might operate without any real crossover with the browser functionality beyond existing in a window.
pndy|4 years ago