Some quick advice
You should also be aware that the software is open source, so once it is distributed anyone can read the code. Even though the exploits above may seem very difficult at first sight, once the code is available to a hacker it is no longer a matter of trial and error: it is obvious what needs to be attacked. It also means that the more popular your extension becomes, the more nefarious eyes will be looking closely at it for a way to damage a larger number of sites.
I encourage you to always test for vulnerabilities in your extensions. Too often a "quick fix" or a new feature is the source of problems. Only a testing discipline can catch these before they're a problem.
There are a number of automated testing methods that can be used to improve code quality, including unit testing, system testing, and automated browser testing with tools such as Selenium. You could potentially write tests that target some of the vulnerabilities we've discussed in this chapter. You can find out more about testing...