Comment #61 on issue 18857 by [email protected]: Support for GM Functions (Greasemonkey) in Chrome http://code.google.com/p/chromium/issues/detail?id=18857
1) Currently, the main additional privilege a content script has over the page itself is the ability to use the chrome.* APIs to talk to the background page.

2) We might want to give content scripts additional privileges in the future (e.g., the ability to open pop-ups without a user gesture, cross-site XMLHttpRequest, etc). If we give up on isolating the content script from the page now, we'll foreclose this opportunity.

3) Even with zero additional privileges, letting the page compromise the content script leads to security problems. This paper <http://www.adambarth.com/papers/2009/adida-barth-jackson.pdf> contains a detailed explanation of how a number of bookmarklets (which are like non-isolated content scripts) let a malicious web site steal all the user's passwords.

We want to protect the content script from the page, both because of the privileges the content script has today and because of the privileges we might give content scripts in the future. unsafeWindow and friends do not provide a sufficient level of protection; therefore we're not going to implement them.

Given our experience looking at extensions people are writing, the benefit of adding cross-site XMLHttpRequest (limited, of course, by the manifest) to content scripts appears to outweigh the security costs. That's a judgment call, but Aaron and I agree it's worth it, and that's what they pay us the big bucks to do.

I'm glad you all are interested in these questions. If you read this bug from the beginning, you'll see that we're listening to your feedback and we've changed our plans based on the information presented in this thread. It's possible we'll consider implementing unsafeWindow in the future, but we want to evolve the extension platform slowly and carefully. At this time, unsafeWindow looks like a bad set of trade-offs. Hopefully we can find a safe way of addressing the same use cases.
