I believe as a side-effect of this, content scripts can no longer at all access frames in pages (window.frames is a single frame, rather than a collection of them all)... I view this decidedly as a bug rather than feature, and cannot see a reason to intentionally do this (if we can access the DOM of the page, why not also of sub-pages?)
Could this be looked at and fixed? On Jul 16, 3:05 pm, Adam Barth <[email protected]> wrote: > Today I landed a patch that enables a security feature for extensions. > Now when an extension runs a content script, that script runs in a > "parallel universe" with the page. In its isolated world, the content > script can see the page's DOM, but it can't see any of the page's > JavaScript objects. This helps protect the extension from getting > hacked by the page's JavaScript. If you're interested in how a page > can hack a non-isolated content script, you might enjoy > readinghttp://www.adambarth.com/papers/2009/adida-barth-jackson.pdf > > This is a "breaking change" in the sense that it changes the content > script's API (by hiding the page's JavaScript). If you notice your > favorite user script acting up after this change, please let me know > and we'll try to get to the bottom of the issue. > > Adam --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: [email protected] View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---
