PSA: If your browser extension modifies the DOM & adds markup with inline event handlers (onclick), your code is bad and you should feel bad
-
-
Replying to @arturjanc
Even worse, it will completely break on any site that serves a decent Content-Security-Policy and will cause its developers pain.
1 reply 1 retweet 2 likes -
Replying to @arturjanc
As long as extension APIs empower extensions to do it, it's that API that is bad. And if APIs have feelings, it should feel bad.
3 replies 0 retweets 1 like -
Replying to @jasvir @arturjanc
Are you saying we should forbid extensions from running code in the context of the document?
1 reply 0 retweets 0 likes -
They can run code by injecting scripts, the UA knows which scripts are extension-inserted. But JS event handlers just break.
2 replies 0 retweets 0 likes -
Replying to @arturjanc @jasvir
I'm not sure I follow what your suggested solution is.
1 reply 0 retweets 0 likes
Browsers should allow extension-added scripts to run. Extension authors can inject scripts, but not add inline event handlers
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.