* Waived xray wrappers: The xray behavior is not always desirable. It is possible for chrome to "waive" the xray behavior and see the actual JS object. The wrapper still guarantees that code runs with the correct privileges, but methods/getters/setters may not behave as expected. This is equivalent to the behavior chrome sees when it looks at non-DOM content JS objects.
* Chrome object wrappers: Chrome object wrappers (or COWs) are used when the scope has content privileges but the wrappee is a chrome object. The default behavior for a COW is to allow access to no properties of the object. This ensures that chrome objects accidentally exposed to content are safe. If, however, the wrappee has a property on it called <code>__exposedProps__</code>, the data from __exposedProps__ is used to determine which properties are accessible in the scope.
* For more information, see the [https://developer.mozilla.org/en-US/docs/Mozilla/Gecko/Script_security MDN page]
* XXX khuey keep going