Yep, Firebug simply uses the standard APIs but within a more privileged context. (It's not a separate process, even with e10s - it's a chrome-privileged compartment living in the same process as the web page. Ok, well, with e10s one might use CPOW wrappers, but that's mostly deprecated and a digression.) All accesses go through Xray wrappers, which is part of what makes that work. https://developer.mozilla.org/en-US/docs/Mozilla/Gecko/Script_security
Finding which styles apply to a certain element uses a special-purpose non-content-exposed API, BTW: inIDOMUtils.getCSSStyleRules. On Tue, 26 Jan 2016, at 07:37 AM, Sebastian Zartner wrote: > The main code for this is located within the Css.getAllStyleSheets() > function[1]. It also accesses the rules this way, though IIRC from > within the chrome process, which has more privileges. Simon, please > correct me if I'm wrong. > > Sebastian > > On Sunday, January 24, 2016 at 10:34:26 PM UTC+1, als wrote: >> If I wrote a FF add-on I would find that a content script can't >> access style sheets from cross domains. Accessing the sheet.cssRules >> attribute would produce a SecurityError. But Firebug shows me all of >> the style sheets. How is it able to do this? Links: 1. https://github.com/firebug/firebug/blob/305f4912b6a476bfc2ab1b7c174d826892b1863a/extension/content/firebug/lib/css.js#L790-L834 -- You received this message because you are subscribed to the Google Groups "Firebug" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/firebug. To view this discussion on the web visit https://groups.google.com/d/msgid/firebug/1453795381.324519.502656010.5ED242D9%40webmail.messagingengine.com. For more options, visit https://groups.google.com/d/optout.
