javascript - How can my Add-on SDK content script interact with a website page script? -



javascript - How can my Add-on SDK content script interact with a website page script? -

in sdk add-on, i'd

call function in page script export, read (get), write (set) or manipulate variable or property in page script export new function or override existing function in page script or post custom event page page script can hear for.

how can add-on sdk content script communicate website?

there multitude of ways interact page scripts, mutual of covered in official documentation, including of ways listed in question.

please read "interacting page scripts".

however, should pointed out interacting page scripts in secure fashion can hard. particularly aware unsafewindow called unsafe reason:

be careful using unsafewindow: can't rely on of properties or functions being, or doing, expect. of them, setters , getters, have been redefined page script. don't utilize unless trust page, , careful.

also, unsafewindow isn't supported api, removed or changed in future version of sdk.

reading info or executing functions of unsafewindow safe in sense cannot straight lead code execution in (your content script) security context. javascript engine compartments create sure of that.

but true must never trust info coming website. expect code throw, denial-of-service unexpected infinite loops or similar. , never ever explicitly or implicitly evaluate code in context of content script.

also, never think can trust website, it own website. websites can compromised (hacked), owners can alter in future, info changed en route (active man-in-the-middle attacks), or add-on have modified it, etc.

javascript firefox firefox-addon firefox-addon-sdk

Comments

Post a Comment

Popular posts from this blog

php - Android app custom user registration and login with cookie using facebook sdk -

php - Android app custom user registration and login with cookie using facebook sdk - i developing android application in users need register , log in using facebook. approximately, flow. open app first time, authenticate facebook, data, send info server create them business relationship in application, start session new business relationship in server, cookie perform later interactions. so far good. what need know wich info have send server, can able identify users when log in seccond time. because need start session in server , send cookie android app farther interactions. i'm using php server side language. i thinking getting getaccesstoken() in android facebook sdk, pass server on business relationship creation , storing in android app. but can't manage how login users on sec time utilize app. any suggestions ? in advance ! to uniquely identify user within app, should create request /me , user's id. guaranteed unique , remain con
Read more

django - Access session in user model .save() -

django - Access session in user model .save() - is possible access current session in user model .save()? pseudo code of want achieve: # users.models.py def save(self, *args, **kwargs): created = true if self.pk: created = false super(abstractuser, self).save(*args, **kwargs) # post-save if created: look_for_invite_in_session_and_register_if_found(self, session) seems wrong in architecture. shouldn't access request in models layer. work request must done in view. can this: user, created = abstractuser.objects.get_or_create(name=name) if created: look_for_invite_in_session_and_register_if_found(user, request.session) django session
Read more

php - .htaccess Multiple Rewrite Rules / Prioritizing -

php - .htaccess Multiple Rewrite Rules / Prioritizing - here current htaccess file: rewriteengine on rewritecond %{http_host} !^www\.website\.com [nc] rewritecond %{http_host} ([^.]+)\.website\.com [nc] rewriterule ^(.*)$ http://www.website.com/gotourl.php?urlid=?%1 [l] rewriterule ^(\w+)$ ./gotourl.php?urlid=$1 [nc,l] rewriterule ^(\w+)/$ ./gotourl.php?urlid=$1 [nc,l] the website in question url shortener i'm working on testing/developing , personal use. above code may not ideal i'm not familiar .htaccess , made via googling , testing. want url shortening aspect: http://website.com/1234 -> http://website.com/gotourl.php?urlid=1234 http://website.com/1234/ -> http://website.com/gotourl.php?urlid=1234 the problem cannot figure out how ignore directories. want specific directories go specific pages: http://website.com/img (or) http://website.com/img/ -> http://website.com/img.php http://website.com/img/1234 (or) http://website.com/
Read more