uBlock is open source and suppose I trust the author. But filter lists are something that is maintained by other people. Is it possible to add something to a filter list to compromise computer/browser, for example, get my data and send them to the attacker's server?
The question was emerged by reading:
High-medium generic filters are implemented as follow: All the high-medium generic filters which matches the 8 first characters of the URL of a link on a web page will be seen as relevant to the web page and thus a CSS selector based on these filters will be injected in the web page, in order to hide the unwanted links.
If the author of the extension not only hides DOM elements, but injects something (CSS?, only CSS?, is safe to inject CSS?) to the page, can it be possible to inject JS script to all my pages, which will send my data to the attacker's server?