Boris Zbarsky a écrit : > Marine wrote: > >> The webpage have to be able to expose some values/parameters to the >> extension. >> So I tried to add properties to button, to document or to window >> objects, in my webpage. >> > > The problem is that reading those from chrome would be exploitable (by > the webpage). > > You can do it if you trust the webpage by looking at the wrappedJSObject > of the thing you're working with, instead of the thing itself. But make > sure you trust the webpage (e.g. that it's served over https from a > server you control). > > -Boris > Thanks a lot Boris for your quick reply.
_______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security