On 13/03/06, Nickolay Ponomarev <[EMAIL PROTECTED]> wrote: > > >> Do you care/need to know if the data is maliciously changed to include > > >> new functions that will now run inside chrome in your extension? > > > > > > No. > > > I thought about before deciding to use toSource/eval, and decided that > I don't care about this problem.
I agree that if values are stored in preferences, there is not additional risk. From Eric's initial description I wasn't sure that the storage was local (or was going to remain local at least). e.g. can I export the settings and send them to a friend/post them in a newsgroup? But in general, people don't think about security as much as they should... On that note, is there a generic library I could use to [un]serialize to/from xml? A _______________________________________________ Project_owners mailing list [email protected] http://mozdev.org/mailman/listinfo/project_owners
