On Wed, Oct 14, 2015 at 4:30 AM, Luca Greco <[email protected]> wrote:
> In this case (the fxos-addon-beacon-scanner) the problem can be solved by > using the content script just to inject the real beacon-scanner javascript > code into the page context (e.g. by appending a new tag script) So much for security. Since we have this alternative I feel like we should just turn off the wrappers for now (or quickly come up with a way to waive x-rays), otherwise this script injection -> script injection will become a "best" practice.
_______________________________________________ dev-fxos mailing list [email protected] https://lists.mozilla.org/listinfo/dev-fxos
