+chromium-extensions BTW, this will *not* be in 194.x, as it was checked in after the branch was cut. It will be in the next dev channel release.
- a On Thu, Jul 16, 2009 at 1:10 PM, Aaron Boodman<[email protected]> wrote: > abarth++ > > This is a super important change for the extension system and > increases my confidence in the system significantly. If you didn't > understand Adam's summary and you want something with more pictures, I > have a (personal) blog post that covers some of the issues, here: > > http://www.aaronboodman.com/2009/04/content-scripts-in-chromium.html > > The beginning of the blog post talks about how content scripts work > today (pre-isolated worlds). At the end it talks about how isolated > worlds would change things. > > - a > > On Thu, Jul 16, 2009 at 1:05 PM, Adam Barth<[email protected]> wrote: >> >> Today I landed a patch that enables a security feature for extensions. >> Now when an extension runs a content script, that script runs in a >> "parallel universe" with the page. In its isolated world, the content >> script can see the page's DOM, but it can't see any of the page's >> JavaScript objects. This helps protect the extension from getting >> hacked by the page's JavaScript. If you're interested in how a page >> can hack a non-isolated content script, you might enjoy reading >> http://www.adambarth.com/papers/2009/adida-barth-jackson.pdf >> >> This is a "breaking change" in the sense that it changes the content >> script's API (by hiding the page's JavaScript). If you notice your >> favorite user script acting up after this change, please let me know >> and we'll try to get to the bottom of the issue. >> >> Adam >> >> >> >> > --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: [email protected] View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---
