

Chrome extensions can now call iframe page content scripts - mceachen
http://matthew.mceachen.us/blog/sandbox-telegrams-or-how-your-chrome-extension-can-interact-with-page-content-scripts-1123.html

======
scotth
Interesting...but haven't Chrome extensions always been able to communicate
with content scripts (and back) through chrome.extension.sendRequest?

If I understand correctly, what you've managed to do is communicate with
_embedding_ page's scripts, in a cleaner way than the one suggested by Google.

~~~
mceachen
You're correct, unless you're playing with ifrmes. tabs.sendRequest doesn't
allow you to talk to scripts in iframes -- only the tabs.executeScript has the
allFrames param, and but that script will be sandboxed from the content
scripts (hence the postMessage workaround).

------
tybris
I always find these browser extensions completely terrifying. You can have all
the encryption in the world, but all it takes to extract your bank account or
credit card information is one lousy browser extension.

~~~
dspillett
It isn't just extensions on there own: extensions like greasemonkey allow
external scripts to be added, and even without that there are bookmarklets
that get complete access to the content in the browser's DOM too. Admittedly a
bookmarklet requires user intervention to run once installed, but a script in
GM or similar will run just as automatically as an extension on its own.

