Does anyone know, if an extension injects a script into a content page using
Services.scriptloader.loadSubScript, is there any danger of leaking something
with chrome privileges to the page?
Here's a short example of how I'm hoping to use loadSubScript:
If you want your subscript to work reliably, you should run it in a sandbox
with an Expanded Principal [1] whose sandboxPrototype points to the content
window object. Otherwise, your code will be subject to breakage by pages
that muck with global state.
If you don't care about that, you might as
2 matches
Mail list logo