When browser.tabs.create() is used in the background script to create a new tab as an extension page that uses a URL relative path to an HTML file packaged with the extension, why is having a script tag in that HTML file that links to a JavaScript file also packaged with the extension a security violation?
Does this mean all extension pages have content scripts only?
Can extension pages be name specifically in the manifest; is there an extension path that can be provided for a match pattern?
It doesn’t cause an issue for my project but it just confuses me a bit. I didn’t think I’d need to add the script with browser.tabs.executeScript() as is done in non-extension pages.
Thank you.