On Thu, Aug 25, 2011 at 4:24 PM, Dominic Cooney <dominicc@google.com> wrote:
> Here is a quick first cut:
>
> How about use cases like these:
>
> - Extension that wants to inspect <input type="password"> and warn you
> when you are entering you password in an insecure form (from abarth
> earlier in the thread.)
> - Password manager that wants to find anything that looks like a login
> panel and decorate it/fill it.
> - Extension that removes formatting from a page to make it easier for
> on-screen reading.
> - Extension that finds phone numbers in a page and embosses them with
> links to a crank call service.
> - Extension that replaces all ads in a page with pictures of kittens.
> Or an extension that detects pictures of kittens and monetizes them
> with ads.
> - Extension that on hover looks up
> dictionary/thesaurus/translation/urban dictionary/wikipedia/etc.
>
This is a great list!
As for allowing extensions to inspect the shadow DOM: unless we want to
break isolation/confinement again, I believe this should be handled by the
relevant browser APIs for extensions, along the lines of "shadow =
extensions.getShadowFor(element)". If the extension shouldn't be able to
mess with shadows, it can be blocked at this point.