Building A Browser Extension? Careful Not To Accidentally XSS the Whole Internet

[xyzzy123]

This is a genuine concern. The other risk is that you get XSS into a Chrome / privileged Javascript context, which is probably the simplest way to get reliable arbitrary code execution in e.g. Firefox.

See e.g: http://www.defcon.org/images/defcon-17/dc-17-presentations/d... [PDF warning]