How to Enable the Safari Extension:
Purchase and install StopTheMadness in the App Store.
Open Safari on your Mac.
In Safari, open the Preferences windows.
Select the Extensions tab in the Preferences window and check the box next to StopTheMadness to enable it.
According to Safari's Preferences, StopTheMadness "Can read sensitive information from webpages, including passwords, phone numbers, and credit cards on all webpages" and "Can see when you visit all webpages". However, this is just boilerplate text from Apple shown for every Safari extension that can modify webpages. StopTheMadness does not collect any information, it does not have any analytics, and it does not communicate over the network. StopTheMadness does not read, use, or share your personal data.
You can selectively enable and disable StopTheMadness protection features. Your custom protections can be configured to apply to every web page or just to web sites that you specify. To change your protections, open the StopTheMadness app in the Applications folder.
There are a number of protection features that you can enable and disable. By default, these protections are enabled. (See the Contextual Menus section above to temporarily override contextual menus protection.) When a protection is enabled, it prevents websites from overriding Safari's standard behavior. In most cases, you'll want the StopTheMadness protections to be enabled. However, sometimes disabling a StopTheMadness protection is necessary for website compatibility. If you uncheck "Cut, Copy, and Paste", for example, then websites are allowed to override Safari's standard behavior for cut, copy, and paste.
When you change the protections in StopTheMadness, those changes will apply the next time you load a web site in Safari. If you already have a web site open in Safari, and you want the changes to apply immediately to the web site, you need to reload the page in Safari.
How to Add Website Protections:
The Default Website Protections apply to every web page in Safari, unless you have custom protections for a particular site. To create custom protections for a website, press the + button. There are two ways to specify websites: domain or URL. Examples of domains are "
apple.com" and "
google.com". If you specify a domain, then subdomains of that domain are automatically covered too. For example, "
google.com" also covers "
mail.google.com", etc. If you want a subdomain to have different protections than its domain, create a separate item for the subdomain. The longest match always wins, so if you have items for both "
google.com" and "
mail.google.com", then your "
mail.google.com" protections will apply when you load the page "
https://mail.google.com/". If you want protections to apply only to subdomains but not to the domain, put a dot at the beginning: "
.google.com" applies to "
https://www.google.com/", etc., but not to "
You may want to apply custom protections only to certain paths of a website, in which case you need to specify the website as a full URL. For example, if you enter "
https://www.google.com/maps", then the custom protections will only apply to Google Maps and not to Google Search at "
https://www.google.com/". Subpaths are automatically covered too: "
https://www.google.com/maps" would also cover "
https://www.google.com/maps/search/apple+park". You can customize subpath protections by creating a separate item for the subpath. As with domains, the longest match among URLs always wins. And a URL setting that includes a domain will override a domain setting for the same domain, since the URL is longer. So "
https://www.google.com/maps" takes precedence over "
Focus and Blur:
The Focus and Blur protection is an experimental feature, disabled by default. It has compatibility issues on a number of sites and should only be enabled on a site where you know you need it. A focus event occurs when a website element gets the keyboard focus, and a blur event occurs when a website element loses the keyboard focus. Enabling the Focus and Blur protection prevents websites from capturing these events. This protection cannot be enabled with the Default Website Protections, because it would cause breakages on too many sites.
Known Website Compatibility Issues:
Google Docs: Cut, Copy and Paste.
GitHub Projects: Drag and Drop.