Tip:
Highlight text to annotate it
X
Hi, I'm Aaron, a programmer working on the extension system for Google Chrome.
One of the most powerful features of our system is the ability to interact with web pages.
This is done with a feature called 'content scripts'.
Using a content script, an extension developer can do things like: find unlinked URLs in
web pages and convert them into links, download all images on a page, or add in-page integration
with a third-party application. Content scripts do all of this by interacting
with a web page's Document Object Model, or its "DOM" for short.
The DOM is a tree-like data structure that represents the HTML for a web page.
This is the same API that is used by web developers today to make modern web applications like
Google Maps. With extensions, the DOM for a web page is
shared between the page's JavaScript and each of the content scripts that is also interacting
with that page. Any of the scripts can modify the DOM, for
example by removing a node, and all the scripts will immediately see the change.
We want to share the structure of the DOM between web pages and content scripts, but
it is important for robustness that the scripts themselves are isolated from each other.
For example, it should be possible for the web page to use jQuery v1.2 and the content
script to use jQuery v1.3 without the two versions of the library accidentally interfering
with each other. Also, since extensions have access to privileged
APIs and sensitive user data, we need to make sure that the web page JavaScript cannot use
the shared DOM as a way to get access to those APIs and that data.
In Google Chrome, we keep content scripts isolated from each other and from the pages
they are running on with a system called 'isolated worlds'.
Each script that is accessing the DOM runs in its own isolated world. Each isolated world
gets its own clean JavaScript environment, which ensures that libraries don't conflict
with each other. Many isolated worlds can share access to a
single DOM tree, but when they do, they each get their own complement of JavaScript objects
to represent the nodes in the tree. Since no JavaScript objects are shared between
isolated worlds, it is not possible for web page JavaScript to use the shared DOM to "break
out" of the normal web page sandbox and somehow get access to the content script or its APIs.
With content scripts, extension developers can take full advantage of the familiar DOM
API to manipulate web pages. And because of isolated worlds, they can do
this without having to worry about web pages or other extensions accidentally interfering.
Learn more on content scripts and the rest of the Google Chrome extensions system
by visiting our web site at code.google.com/chrome/extensions.