We need to make it safe for chrome code to pass in callback functions to content code. This will probably be done through wrapper magic which will prevent content from getting a reference to the actual chrome function, as well as wrap as appropriate any arguments to the callback function.
This could get costly without more JS engine work. Let's discuss.
How often and with what kinds of args (deep object graphs?) are such callbacks actually invoked?
This wrapper would be more general. It's a hole in our system right now that it isn't easy to expose chrome objects (such as GreaseMonkey's console or the geolocation object) to content. These wrappers could automatically be created by XPCNativeWrapper/XPCSafeJSObjectWrapper.
I'm not sure why this particular case could get any more costly than our existing wrappers.
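As an added illustration of the wrapper described in the first comment (this is constructed example code, not Mozilla's XPConnect or COW implementation, and all names are made up): chrome hands content a wrapper rather than the real function, content's arguments are wrapped before chrome touches them, and because wrapping happens per property access rather than by copying, the cost of a deep object graph is proportional to what chrome actually reads.

```javascript
// Constructed example, not Mozilla code: a small one-directional membrane.
const wrapperToChromeFn = new WeakMap(); // lets chrome recognise its own wrappers

function wrapForContent(chromeFn) {
  // Content only ever holds this closure; chromeFn itself stays unreachable.
  const wrapper = function (...args) {
    // Content's `this` is dropped; each argument is wrapped before chrome sees it.
    return chromeFn.apply(undefined, args.map(wrapFromContent));
  };
  wrapperToChromeFn.set(wrapper, chromeFn);
  return Object.freeze(wrapper);
}

function wrapFromContent(value) {
  if (value === null || (typeof value !== "object" && typeof value !== "function")) {
    return value; // primitives carry no behaviour
  }
  if (wrapperToChromeFn.has(value)) {
    return wrapperToChromeFn.get(value); // one of chrome's own wrappers coming back
  }
  return new Proxy(value, {
    get(target, prop) {
      // Only own data properties are readable, and lazily: content getters and
      // prototype tricks never run with chrome on the stack.
      const desc = Object.getOwnPropertyDescriptor(target, prop);
      return desc && "value" in desc ? wrapFromContent(desc.value) : undefined;
    },
    set() { throw new TypeError("membrane is read-only from the chrome side"); },
    defineProperty() { throw new TypeError("membrane is read-only from the chrome side"); },
    deleteProperty() { throw new TypeError("membrane is read-only from the chrome side"); },
    apply(target, _thisArg, args) {
      // Chrome invoking a content function: chrome functions go out wrapped,
      // plain values pass, raw chrome objects are refused rather than leaked.
      const safeArgs = args.map((a) => {
        if (typeof a === "function") return wrapForContent(a);
        if (a !== null && typeof a === "object") {
          throw new TypeError("wrap chrome objects before passing them to content");
        }
        return a;
      });
      return wrapFromContent(Reflect.apply(target, undefined, safeArgs));
    },
  });
}
```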
Was this not fixed by bug 480205?
This bug is referenced from https://developer.mozilla.org/en/Safely_accessing_content_DOM_from_chrome#Firefox_2_and_newer , please update accordingly when resolving. (That page is not very clear right now and references to private bugs do not help to understand...)
Sorry for digging up old bug reports, but I was wondering whether the warnings are still valid.
I am currently working on an extension that aims to rewrite and replace attributes of window from within chrome, using an observer on the "content-document-global-created" topic. I am getting a wrapped window object and the security warnings at the aforementioned URL made me hesitate :)
I believe that what you want to do is now safe (as of Gecko 2.0).
Yeah, this was fixed (more or less) by COWs.