Replying to Avatar bigmarh

The origin binding you're describing is real, but there's a gap in the threat model around DOM injection.

When an extension has host permissions for your site, it can run content scripts. You're right that content scripts run in an "isolated world" and can't directly access the page's JavaScript context or OPFS.

But content scripts can manipulate the DOM. And that's the problem.

That injected