Today I landed a patch that enables a security feature for extensions. Now when an extension runs a content script, that script runs in a "parallel universe" with the page. In its isolated world, the content script can see the page's DOM, but it can't see any of the page's JavaScript objects. This helps protect the extension from getting hacked by the page's JavaScript. If you're interested in how a page can hack a non-isolated content script, you might enjoy reading http://www.adambarth.com/papers/2009/adida-barth-jackson.pdf
This is a "breaking change" in the sense that it changes the content script's API (by hiding the page's JavaScript). If you notice your favorite user script acting up after this change, please let me know and we'll try to get to the bottom of the issue. Adam --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: [email protected] View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---
