Note: The techniques described in this section are only available in Firefox, and only from Firefox 49 onwards.
Warning: As an extension developer you should consider that scripts running in arbitrary web pages are hostile code whose aim is to steal the user's personal information, damage their computer, or attack them in some other way.
The isolation between content scripts and scripts loaded by web pages is intended to make it more difficult for hostile web pages to do this.
Since the techniques described in this section break down that isolation, they are inherently dangerous and should be used with great care.
As the content scripts guide notes, content scripts don't see changes made to the DOM by scripts loaded by web pages. This means that, for example, if a web page loads a library like jQuery, content scripts won't be able to use it, and have to load their own copy. Conversely, scripts loaded by web pages can't see changes made by content scripts.
However, Firefox provides some APIs that enable content scripts to:
- access JavaScript objects created by page scripts
- expose their own JavaScript objects to page scripts.