could the botnet concern be addressed by restricting network access from the background page when there is no foreground page referencing it? e.g. restrict it to requests to the same origin, no matter how those requests are made? wouldn't let gmail precache linked images, when fetching new mail, but that's not a huge concern.
a 2009/7/28 Aryeh Gregor <[email protected]<simetrical%[email protected]> > > There's not really a whole lot that a malicious or incompetent > persistent page could do to the user's computer. At worst, it could > interfere with the browser. I guess the botnet concern is justified, > though (for use in DDoS or something). Not sure how to avoid that. >
