Ask HN: Browser Extensions and XSS

1 points by PlanetFunk ↗ HN
Over the last week I've developed and released an extension for Chrome/Firefox that collapses and adds a toggle bar to each Google+ stream post.

I've also just released a bookmark that takes the extension code (from code.google.com) and injects it into the G+ page for those browsers that can't use the extension.

now, my understanding is that this is basically user-control cross-site scripting (XSS).

The thing is, it's exactly what all of the extensions are doing anyway, isn't it?

Is there something I'm missing?

0 comments

[ 2.7 ms ] story [ 12.1 ms ] thread

No comments yet.