I replied to your comment below (where you said the same thing), but it's not cl... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		benmccann on March 16, 2012 \| parent \| context \| favorite \| on: Web pages can sniff to see what Chrome extensions ... I replied to your comment below (where you said the same thing), but it's not clear to me that CSP changes anything.

aboodman on March 17, 2012 [–]

The CSP changes primarily address the XSS issue in extensions. Many of these vulnerabilities come because extension developers run code from untrusted sources. CSP blocks that in most cases.

Separately, we implemented web_accessible_resources. That addresses the sniffing issues.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact