On Wednesday, January 27, 2016 at 1:08:51 PM UTC+1, als wrote: > > > > On Tuesday, 26 January 2016 19:03:26 UTC+11, Simon Lindholm wrote: >> >> Yep, Firebug simply uses the standard APIs but within a more privileged >> context. (It's not a separate process, even with e10s - it's a >> chrome-privileged compartment living in the same process as the web page. >> Ok, well, with e10s one might use CPOW wrappers, but that's mostly >> deprecated and a digression.) All accesses go through Xray wrappers, which >> is part of what makes that work. >> https://developer.mozilla.org/en-US/docs/Mozilla/Gecko/Script_security >> >> > > I've experimented with doing this from a frame script. According to the > Mozilla documentation the frame script has "system principals" which > appears to mean the same as chrome-privilege but I still got a > SecurityError from the cross-domain access. > > Where/how is the Firebug chrome-privileged compartment created? >
Firebug's main entry point is the loadIntoWindow() function <https://github.com/firebug/firebug/blob/master/extension/modules/loader.js#L147>. This code in it injects the Firebug object into the browser window. The loadIntoWindow() function itself is called on extension startup <https://github.com/firebug/firebug/blob/568d87dccfbdb310cf39b8cd29348d20253919ee/extension/bootstrap.js#L68-L71> . Again, Simon or Honza may give you a more detailed explanation on this. Sebastian -- You received this message because you are subscribed to the Google Groups "Firebug" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/firebug. To view this discussion on the web visit https://groups.google.com/d/msgid/firebug/94f5fe1c-a873-44f4-bad4-819f92fb74d1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
