FEAT: Identify and resolved major performance issues + Build enhanced performance system and landing site

[RianaAzad]

Fix: Content script optimizations (throttling, limited DOM scan)
Chore: Mutation observer (now ignores extension generated elements)
Fix: Background script optimizations (throttling for tab updates, storage optimized)
Chore: Improvised manifest (document_idle, http/https, all_frames)

[Copilot]

Pull Request Overview

This PR enhances performance and robustness across content and background scripts by introducing throttling, limiting DOM scans, optimizing observers, and refining manifest settings.

• Introduces throttled and debounced DOM scanning in the content script with early exits and node processing limits.
• Refines the mutation observer to ignore extension-generated elements and pauses/resumes on visibility changes.
• Implements throttled tab update handling and robust storage operations in the background worker.
• Updates manifest permissions to specific URL patterns and adjusts script injection timing.

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.

File	Description
src/content/content.js	Added throttling, limited DOM scanning, early exits, observer optimizations, and cleanup logic.
src/background/background.js	Introduced tab update throttling, error handling in storage operations, and guard clauses.
src/App.jsx	Wrapped handlers with useCallback, memoized current year, and reduced renders.
public/manifest.json	Scoped host_permissions, set run_at to document_idle, and added all_frames.

[Copilot]

Event listeners added in setupCleanup are never removed in destroy, which may cause unexpected behavior after tear-down. Consider storing references to the handlers and removing them during destroy.

Suggested change

	window.addEventListener("beforeunload", () => {
	this.destroy();
	});
	document.addEventListener("visibilitychange", () => {
	if (document.visibilityState === "hidden") {
	this.pauseOperations();
	} else {
	this.resumeOperations();
	}
	});
	this.beforeUnloadHandler = () => {
	this.destroy();
	};
	this.visibilityChangeHandler = () => {
	if (document.visibilityState === "hidden") {
	this.pauseOperations();
	} else {
	this.resumeOperations();
	}
	};
	window.addEventListener("beforeunload", this.beforeUnloadHandler);
	document.addEventListener("visibilitychange", this.visibilityChangeHandler);

[Copilot]

Reusing the same scanDebounceTimer for both throttledScanPage and debouncedScanNewContent can lead to scheduling conflicts. It may be clearer to use separate timers for page scanning and new-content scanning.

[Copilot]

If tabId is undefined, you end up storing and clearing a key of undefined in the throttle map. Add an early return guard when tabId is falsy to avoid unintended behavior.

Suggested change

	throttledTabUpdate(tabId, changeInfo, tab) {
	throttledTabUpdate(tabId, changeInfo, tab) {
	if (!tabId) {
	console.warn("Safe-Web: Received falsy tabId in throttledTabUpdate");
	return;
	}

[Copilot]

The keys returned by analyzeContent (emails, phones, ssns, creditCards) don’t match the sensitivePatterns setting keys (email, phone, ssn, creditCard). Consider aligning these names or mapping them consistently.

[FardinHash]

@RianaAzad I think it's ready to merge. Check & merge

[RianaAzad]

@FardinHash two things need to be fixed.

1. Enable/Disable button rendering
2. Installation landing (still in index.html - blank)