The next step after bug 152294 is to expose the necessary WebCore JS functions as builtins to further harden against page authors messing with/detecting our injected script.
<rdar://problem/92339803>