The purpose of this API is basically to satisfy AMO reviewers in the
future, since the use of innerHTML with variables (i.e., not plain text) will
be rejected without any questions.
Since this is not a problem for browsers other than Firefox, they will
use simple innerHTML assignment, however safe-parsing could be implemented
for them too.
vAPI.sessionId - random ID generated every time when a page loads.
Having the dialog in an iframe lowers the chance of interference with the
styling of the page, also avoids using innerHTML (AMO complaint).
Now both nsIContentPolicy and on-http-* observers are used for net request
monitoring.
Reasons:
- In many cases, nsIContentPolicy.shouldLoad is invoked twice for the same
resource, because of the speculative parsing.
- nsIContentPolicy.shouldLoad don't have information about the channel,
so it can't redirect the request, nor change its headers, however
on-http-opening-request can.
Also, local mirroring and inline-script blocking has been implemented.
Now both nsIContentPolicy and on-http-* observers are used for net request
monitoring.
Reasons:
- In many cases, nsIContentPolicy.shouldLoad is invoked twice for the same
resource, because of the speculative parsing.
- nsIContentPolicy.shouldLoad don't have information about the channel,
so it can't redirect the request, nor change its headers, however
on-http-opening-request can.
Also, local mirroring and inline-script blocking has been implemented.
gorhill
Deathamns
Chris
AlexVallat
Cheng Sun