sorry for being so angry before but this security xxx is getting out of hands imho.
let me explain with a most simple example:
and addon wants to trigger fullscreen and play a list of webstreams.
becasue of the awesome security model it can´t do that. so instead of just simply disallowing it for webscripts its also disallowed for your addon-code. WHY?
so now we have the situation where we must per lowlevel api change the fullscreen protection off (its in the config) , then send message to our webscript , which then triggers fullscreen , send a message back and on arrival turn the fullscren protection back on. lol thats really efficient and secure lol …
and now you want us to EVEN firewall against the xpcom and chrome.xul with yet another limiting message api … this is getting crazy and helps no one but the hardware manufacturers lol becasue each new iteration of firefox needs more and better hardware !
shouldn´t you rather employ new reviewers who do this professionally all day , who make sure NO addon is programmed with sniffing and trojan horses ? and enforce downloading only through amo ? that would be enough to make everything supersafe forever.
when i heard first about browser.html i thought “ohh how awesome now we can modify firefox to the maximum limit , like change everything to everything” … now these posts indicate we probably can´t even have basic access without putting a good strain on the cpu having to walk through 3 message apis all with packer unpacker , rectifier, security checks, buffer and whatnot and then only exchange strings , arrays .
i also think you guys fail to see what your most used addos are ( minus the adblockers) … thats stuff like ss google translator , menuwizard and tabmix plus are all with advanced function you wanna take away from them or make it as hard as possible. not a good idea.
the customizability of firefox is its strong point and if you really wanna do that i see firefox failing and maybe even splitting a opensource fork which will try to keep functionality intact, and taking a good chunk of oldschool users with it. this happend before, i dopn´t want that to be honest.
just my 2 cents …