Over on the Adblock Plus blog, Wladimir Palant has posted two great articles on how to avoid making some common mistakes in extension development that lead to security vulnerabilities. I highly recommend extension authors check out his posts:
- Displaying web content in an extension – without security issues
- Five wrong reasons to use eval() in an extension
The information in these posts is very important for all add-on authors to know, and one of my goals in the coming months is to bring these best practices into one document that is kept up to date.