Ask HN: Browser extension vs. native app for structured form filling?

I’m working on a project called Injectless — a browser extension that allows websites to explicitly declare which data they are allowed to inject into external sites, fully controlled by the user.

Note: This post was translated to English using AI. My native language is Spanish.

The Problem:

Users of SaaS apps (accounting, project management, etc.) often need to repeatedly copy data into external forms (government portals, client systems, etc.). Today this is a tedious, fully manual process.

My Current Solution

A browser extension where:

- Websites expose an injectless.json declaring which fields they can fill and on which domains

- The user explicitly installs the integration (one-click opt-in)

- When visiting an allowed site, the extension offers to “paste” each field

The Doubt

A friend suggested that instead of a browser extension, this should be a native app (similar to KeePassXC or Espanso) that:

- Works in any browser without installing multiple extensions

- Pastes sequences of fields using TAB (simpler, more universal)

- Works even outside the browser

- Avoids extension permissions, CSP issues, Shadow DOM, etc.

My Concerns About a Native App

- Mobile: Browser extensions do work on mobile (Safari iOS, Firefox Android). Native apps would face heavy sandboxing restrictions

- UX: The extension popup can show exactly which fields are available for the current page. A native app would be more “blind”

- Context: The extension knows which page you’re on and can automatically validate allowed domains

The Question

What seems more valuable / practical?

A) Browser extension (current approach) — more context, mobile support, clearer UX

B) Native app like Espanso/KeePassXC — more universal, single install, simpler

C) Both — native app as a base + optional extension as a companion for better UX

Has anyone worked on something similar?

What trade-offs might I be missing?

Thanks!

aristofun
·
1 day ago
·
[ - ]

These guys solve same problem https://www.getmagical.com/ worth researching their experience

livrasand
·
22 hours ago
·
[ - ]

Thanks for the link; I wasn't familiar with Magical.

From what I can see, Magical focuses on general autofill, while Injectless is exploring a more declarative, least-privilege approach, where each site explicitly defines which fields it can expose and on which domains, with domain-level validation and explicit user control.

Even so, comparing UX, adoption, and technical trade-offs with products like this is exactly the kind of signal I was looking for.

aristofun
·
20 hours ago
·
[ - ]

They have pr had that as one of their initial features. Recently thy pivoted away from that to more ai and corporate use cases

flexagoon
·
1 day ago
·
[ - ]

Since what you're building is similar to a password manager, you should probably do it the way they do. A browser extension + a native app for mobile. Mobile platforms have autofill APIs that password managers use to fill forms.

livrasand
·
22 hours ago
·
[ - ]

I think this would probably be the closest comparison.

The password manager model seems like the most realistic way to achieve a good user experience on mobile devices while maintaining strong context and domain validation on desktops.

One difference I'm exploring is that Injectless is intentionally declarative and website-based (sites publish what they can inject, rather than the tool heuristically completing everything).

I appreciate the perspective.