Changes

* Xray wrappers: Xray wrappers are used when the scope has chrome privileges and the wrappee is the JS reflection of an underlying DOM object. Beyond the usual CCW duties of making sure that content code does not run with chrome privileges, Xray wrappers also ensure that calling methods or accessing attributes on the wrappee has the "expected" effect. For example, a web page could replace the <code>close</code> method on its window with a JS function that does something completely different. (e.g. <code>window.close = function() { alert("This isn't what you wanted!") };</code>). Overwriting methods in this way (or creating entirely new ones) is referred to as '''expando''' properties. Xrays see through expando properties, invoking the original method/getter/setter if the expando overwrites a builtin or seeing undefined in the expando creates a new property. This allows chrome code to call methods on content DOM objects without worrying about how the page has changed the object.

* Waived xray wrappers: The xray behavior is not always desirable. It is possible for chrome to "waive" the xray behavior and see the actual JS object. The wrapper still guarantees that code runs with the correct privileges, but methods/getters/setters may not behave as expected. This is equivalent to the behavior chrome sees when it looks at non-DOM content JS objects.

* For more information, see the [https://developer.mozilla.org/en-US/docs/Mozilla/Gecko/Script_security MDN page]

== Images ==