* Background Process have access to window.widget, opera.extension and ntexts objects - it can do everything in these borders including creation of UI elements, but can't access content of current page Injected script Background Process Button/badge PopupĪll these parts except 'Button/badge' have **separated** (it is very important) access to `Opera Extensions API`_: So we have four basic parts which communicates between each other through `cross-document messaging`_: :: * preferences page - to manage extension options * config.xml file - like manifest.json in Google Chrome this file provides valuable meta data for the extension like name, ID, description, author data, security policy and so on * JavaScript and CSS files for injection into the pages with custom URL rules (for example, replace all mailto: links with gmail handler) * popup page - page which appears when you click on extension toolbar button * background page called "start file" (usually index.html) and scripts - it is extension engine There is a nice articleīy Chris Mills "What's in an Opera extension?" _ - you can read details in it.īriefly Opera extension consists of follow files (some of them are optional): HTML, CSS and JavaScript and are based on the `W3C Widgets specification`_. Opera's extensions_ are very similar to Google Chrome. Opera decided to support extensions too (yes-yes, I remember about Opera widgets_). But now when one more strong player called Google Chrome_ comes into the game in browser's market, For a long time Opera was all-in-one thing in opposition to Mozilla Firefox It has fast rendering and JavaScript engines andĪ lot of other useful features_. Opera_ is one of the most powerful web browsers today.
Lets continue to research possible security problems in case of using popular web technologies in browser extensions. :Copyright: This work is licensed under a `Creative Commons Attribution-Share Alike 3.0 Unported License `_ Web application vulnerabilities in context of browser extensions - 2: Opera
0 kommentar(er)
