Almost as if commingling trusted and untrusted code in the same execution environment, separated by only the thinnest of barriers, might result in mistakes being made.
[Comment removed by author]
Nice statement. Can you back it up? Is it due to this XSS vulnerability? Or is it broader than that. Do you have alternatives one should look into?
I wonder if Chromium devs are taking all these bugs as indicators that the current state of coding “secure” extensions is pitiful, I’d argue this is partially because of the lack of documentation on how to do things right (like Tavis' explanation on how you have to declare the trusted variable…Who would have known that?).