PS Reflecting on the security implications a little further, I suppose the fundamental issue is that once such a scriptable interface is available, it would be possible to install packages without the user's knowledge ?
Would it be simpler and more secure to provide xpinstall support as a XBL-able widget ? For example, the system widget SCROLLBAR contains thumber, slider, scrollbarutton, etc elements that are totally styled using CSS. Similarly if there were an INSTALL widget containing install/deinstall/start/cancel/packages elements then this would meet most of the security concerns. Installation/deinstallation could ONLY take place if the actual button is MANUALLY clicked. Attempts to generate scripted events for these system elements would not be supported. I think it should be possible for the XUL script to read the registry for packages/version info. I think there are already some apis for accessing installed package info although I havent checked. There then only remains the issue of how to fill the packages element with package descriptions from the web site (rather than the single xpi reference) . Is XBL possible?
