It is a delicate issue, since this is a good way to access files in the system, and a perfect way to infect a computer. As of now, the sandboxing used in Chrome does not allow this, but maybe a new type of sandboxing being developed will help you out with this.
On Jun 9, 10:31 pm, Aaron Boodman <[email protected]> wrote: > On Tue, Jun 9, 2009 at 6:11 PM, Colin<[email protected]> wrote: > > I think this question might be a bit premature, but maybe someone here > > has some insight. I was playing around with content scripts today and > > realized that I'd love to be able to access settings in my extension > > to control behavior in my content script (when local storage > > arrives). I can hack something together using messaging with the > > extension, but it seems like it'd be a lot cleaner if the content > > scripts could access the local storage directly. Is anything like > > this being considered? > > Yes, it is being considered. > > > In a slightly broader context, what are the differences of Javascript > > running in a content script compared to Javascript running in the rest > > of my extension. The documentation mentions that content scripts have > > "a few special APIs available to them". Does this imply that they'll > > have less access then the rest of my scripts will? > > From the point of view of the Chrome security model, current content > scripts are just part of the web content they are injected into. They > have the exact same privileges -- no more, no less. This is important > because we want to ensure that we never leak increased privileges to > web content via content scripts. > > We're investingating a new model of "sandboxing" content scripts so > that they will have access to the web content DOM, but no > JavaScript-to-JavaScript communication will be possible between > content scripts and web content. In that world, it may be safe to > expose things like an extension's local storage directly to content > scripts. > > If you're interested in following this work, you can "star" this > bug:http://code.google.com/p/chromium/issues/detail?id=12218 > > - a --~--~---------~--~----~------------~-------~--~----~ Chromium Discussion mailing list: [email protected] View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-discuss -~----------~----~----~----~------~----~------~--~---
