Hacker News new | past | comments | ask | show | jobs | submit login

> it’s important to make sure that addon content can run on the UI layer of the browser, and not within of the content of the sites

I don't get this thinking at all. Browser addons are trusted. That's the point - they have special privileges to adjust browser behaviour.

If you go around installing malicious addons, you get no more sympathy from me than if you'd gone around installing malicious kernel modules.




The problem is the opposite.

For example, Firefox’ screenshot addon would inject HTML into the page, and then the page could take the screenshot’s data and use it.

Addons currently have no way to reliably display their own UI on top of the page, without the page intercepting it.


Oh, right, I didn't get that from your original comment.

I agree, addons' workings shouldn't be exposed to untrusted websites.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: