If you want your subscript to work reliably, you should run it in a sandbox with an Expanded Principal [1] whose sandboxPrototype points to the content window object. Otherwise, your code will be subject to breakage by pages that muck with global state.
If you don't care about that, you might as well just do contentWindow.eval(yourCode). [1] https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Language_Bindings/Components.utils.Sandbox#Expanded_principal On Thu, Sep 17, 2015 at 4:05 PM, <arthuredelst...@gmail.com> wrote: > Does anyone know, if an extension injects a script into a content page > using Services.scriptloader.loadSubScript, is there any danger of leaking > something with chrome privileges to the page? > > Here's a short example of how I'm hoping to use loadSubScript: > https://github.com/arthuredelstein/torbutton/blob/596c1a84dd4db474ffe04c95e43dac3c804b6cd2/src/modules/utils.js#L89 > > Thanks in advance for any advice! > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
