Mitchell Stoltz wrote: > openDialog allows a nasty exploit, which is why it can't be called > from content.
Presumably this nasty exploit is something that chrome often wants to do... I notice many calls to window.openDialog( chromeURL, '_blank', 'chrome,all,dialog=no' ) in the chrome, I know that window.open doesn't support the useful "all" keyword...