In the case of Chrome extensions, you just need to make sure you’ve set the proper permissions for any XMLHttpRequest calls…which also makes me question why do we have to do it at all (those that are going to be malicious are going to find it very easy to get around these ‘requirements’ and those of us that aren’t just find them a tad annoying to be in the way in the first place).
Anyway - just a little 'security’ gripe I’ve had for awhile now.
This post has received 41 loves.
Kevin has a day job as CTO of Veritonic and is spending nights & weekends hacking on Share Game Tape. You can also check out some of his open source code on GitHub or connect with him on Twitter @falicon or via email at kevin at falicon.com.
If you have comments, thoughts, or want to respond to something you see here I would encourage you to respond via a post on your own blog (and then let me know about the link via one of the routes mentioned above).