If you want your subscript to work reliably, you should run it in a sandbox with an Expanded Principal [1] whose sandboxPrototype points to the content window object. Otherwise, your code will be subject to breakage by pages that muck with global state.
If you don't care about that, you might as well just do contentWindow.eval(yourCode). [1] https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Language_Bindings/Components.utils.Sandbox#Expanded_principal On Thu, Sep 17, 2015 at 4:05 PM, <[email protected]> wrote: > Does anyone know, if an extension injects a script into a content page > using Services.scriptloader.loadSubScript, is there any danger of leaking > something with chrome privileges to the page? > > Here's a short example of how I'm hoping to use loadSubScript: > https://github.com/arthuredelstein/torbutton/blob/596c1a84dd4db474ffe04c95e43dac3c804b6cd2/src/modules/utils.js#L89 > > Thanks in advance for any advice! > _______________________________________________ > dev-platform mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
