Hacker News new | past | comments | ask | show | jobs | submit login

Yup...you're right. Maybe the URLs or even embedded within the script. An extension update mechanism (if any?) could bring in new versions.

But now I'm way out into conjectureland. Just thinking out loud here.




In firefox, the only way to do cross domain xhr was to access a javascript object outside of the browser sandbox, make the call, then send the data back. I'd be pretty confident that google chrome's version would have the same security limitations.


Greasemonkey lets you do it - with GM_xmlhttpRequest:

http://diveintogreasemonkey.org/api/gm_xmlhttprequest.html




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: