Just curious about the meaning of this in macOS Safari. What in the Safari app UI is an "injected user script"?
Epiphany doesn't use user scripts for its internals (except for the firefox sync thing). With user scripts I mean WebCore::UserScript, injected in wk2 with WebUserContentControllerProxy::addUserScript(). What epiphany uses for its internal stuff is JSC API to add its own js code on window object cleared. There are several APIs using js that we would need to make it work even when js is disabled in settings:
- user scripts
- user script message handler
- code injected on window object cleared
Geoff, this seems like a question you might be good at answering.
I'm going to make this public since it's a design issue rather than an exploitable security issue.
(In reply to Geoffrey Garen from comment #7)
> don't think we've historically treated it as a goal for the
So I don't think we need any changes to WebCore::UserScript.