abarth++ This is a super important change for the extension system and increases my confidence in the system significantly. If you didn't understand Adam's summary and you want something with more pictures, I have a (personal) blog post that covers some of the issues, here:
http://www.aaronboodman.com/2009/04/content-scripts-in-chromium.html The beginning of the blog post talks about how content scripts work today (pre-isolated worlds). At the end it talks about how isolated worlds would change things. - a On Thu, Jul 16, 2009 at 1:05 PM, Adam Barth<aba...@chromium.org> wrote: > > Today I landed a patch that enables a security feature for extensions. > Now when an extension runs a content script, that script runs in a > "parallel universe" with the page. In its isolated world, the content > script can see the page's DOM, but it can't see any of the page's > JavaScript objects. This helps protect the extension from getting > hacked by the page's JavaScript. If you're interested in how a page > can hack a non-isolated content script, you might enjoy reading > http://www.adambarth.com/papers/2009/adida-barth-jackson.pdf > > This is a "breaking change" in the sense that it changes the content > script's API (by hiding the page's JavaScript). If you notice your > favorite user script acting up after this change, please let me know > and we'll try to get to the bottom of the issue. > > Adam > > > > --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---