On Tue, Jun 9, 2009 at 6:11 PM, Colin<[email protected]> wrote: > I think this question might be a bit premature, but maybe someone here > has some insight. I was playing around with content scripts today and > realized that I'd love to be able to access settings in my extension > to control behavior in my content script (when local storage > arrives). I can hack something together using messaging with the > extension, but it seems like it'd be a lot cleaner if the content > scripts could access the local storage directly. Is anything like > this being considered?
Yes, it is being considered. > In a slightly broader context, what are the differences of Javascript > running in a content script compared to Javascript running in the rest > of my extension. The documentation mentions that content scripts have > "a few special APIs available to them". Does this imply that they'll > have less access then the rest of my scripts will? >From the point of view of the Chrome security model, current content scripts are just part of the web content they are injected into. They have the exact same privileges -- no more, no less. This is important because we want to ensure that we never leak increased privileges to web content via content scripts. We're investingating a new model of "sandboxing" content scripts so that they will have access to the web content DOM, but no JavaScript-to-JavaScript communication will be possible between content scripts and web content. In that world, it may be safe to expose things like an extension's local storage directly to content scripts. If you're interested in following this work, you can "star" this bug: http://code.google.com/p/chromium/issues/detail?id=12218 - a --~--~---------~--~----~------------~-------~--~----~ Chromium Discussion mailing list: [email protected] View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-discuss -~----------~----~----~----~------~----~------~--~---
