Hello Community,
This is my first AddOn, so forgive me if I ask very basic questions
I’m currently working on an extension that adds some extra GUI elements to a webpage. I created a Content Script that listens for “key input” events. The functional part is nearly done, so I’ve checked the security best practices page to ensure my extension is safe.
Situation
My extension loads images into the webpage. The images are served by the extension as web_accessible_resources
—yeah, those moz-extension://{hash}
URLs! Because of this, my extension could potentially contribute to a strong browser fingerprint, which I want to avoid.
Problem
I don’t want to use an iframe to wrap around my elements—it seems very inefficient and would make styling harder. Instead, I’ve placed my elements inside a Shadow DOM in closed mode. Is this a sufficiently safe solution, or is using an iframe the only secure option I have?