Ask HN: Browser Extensions and XSS
Over the last week I've developed and released an extension for Chrome/Firefox that collapses and adds a toggle bar to each Google+ stream post.
I've also just released a bookmark that takes the extension code (from code.google.com) and injects it into the G+ page for those browsers that can't use the extension.
now, my understanding is that this is basically user-control cross-site scripting (XSS).
The thing is, it's exactly what all of the extensions are doing anyway, isn't it?
Is there something I'm missing?
No comments yet.