What would be the right approach to allow such a feature? Would adding a new permission help?
On Tue, Jun 16, 2015 at 6:32 PM, Bobby Holley <[email protected]> wrote:
> On Tue, Jun 16, 2015 at 9:20 AM, Paul Rouget <[email protected]> wrote:
>>
>> You mean, being able to inject any script into the content?
>> Afaik, there's no way to do that. That's exactly why we need this API.
>> Do we want to keep the barrier between the browser and the content?
>> If so, why?
>
> Well, presumably because we might not want the browser app to be able to XSS
> every website ever? Maybe we're ok with that, but it's tantamount to running
> the browser app with system principal, which is something that we currently
> don't do, so presumably the b2g security people have a thing or two to say
> about it.

--
Paul
_______________________________________________
dev-platform mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-platform

