What would be the right approach to allow such a feature? Would adding a new permission help?
On Tue, Jun 16, 2015 at 6:32 PM, Bobby Holley <bobbyhol...@gmail.com> wrote: > On Tue, Jun 16, 2015 at 9:20 AM, Paul Rouget <p...@mozilla.com> wrote: >> >> You mean, being able to inject any script into the content? >> Afaik, there's no way to do that. That's exactly why we need this API. >> Do we want to keep the barrier between the browser and the content? >> If so, why? > > > Well, presumably because we might not want the browser app to be able to XSS > every website ever? Maybe we're ok with that, but it's tantamount to running > the browser app with system principal, which is something that we currently > don't do, so presumably the b2g security people have a thing or two to say > about it. -- Paul _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
