canmove, Confirmed users
737
edits
Jetpack/Release Notes/1.0: Difference between revisions
Jump to navigation
Jump to search
→Notable Changes Since 1.0b5
No edit summary |
|||
| Line 149: | Line 149: | ||
Finally: sometimes add-ons need access to custom, document-defined JavaScript objects. For example, GMail provides a custom JavaScript API which would not be accessible using the proxy. To meet use cases like this, in [https://bugzilla.mozilla.org/show_bug.cgi?id=660780 bug 660780] we've provided access to the unwrapped window via a global <code>unsafeWindow</code> object in content scripts. But note that this is experimental and may change or be removed completely in future releases. | Finally: sometimes add-ons need access to custom, document-defined JavaScript objects. For example, GMail provides a custom JavaScript API which would not be accessible using the proxy. To meet use cases like this, in [https://bugzilla.mozilla.org/show_bug.cgi?id=660780 bug 660780] we've provided access to the unwrapped window via a global <code>unsafeWindow</code> object in content scripts. But note that this is experimental and may change or be removed completely in future releases. | ||
=== Cross-site XmlHttpRequests are no longer permitted in content scripts in Firefox 5 === | |||
Firefox 4 allowed content scripts to make cross-site requests using <code>XmlHttpRequest</code>. So, for example, if you injected a content script into http://www.mozilla.org/, the content script would be allowed to send a request to http://www.google.com/ using <code>XmlHttpRequest</code>. | |||
It was always the intention that cross-site requests should '''not''' be possible in a content script, and in Firefox 5 this is no longer possible. | |||