Prevent event propagation when appropriate. Add a random suffix to the event names, so content cannot predict the event name, and thus cannot listen for it.
Just in case, so the command object cannot be changed.
1) Store menu commmands' data in a private closure, *in the sandbox*. 2) To list registered commands: a) Parent/chrome passes a message to child/frame. b) Frame passes an event (visible to content) into the sandbox. c) Sandbox passes private-closure-scoped commands' data to a frame-scoped callback. d) Frame passes data up to parent as a message. e) Chrome uses this data to populate the menu, at popupshowing time. 3) To run a command: a) User clicks on the menu item. b) Chrome sends a message to the frame. c) Frame sends an event to the sandbox. d) Sandbox finds the related registered command, calls its callback. Phew! But no references to documents/windows/browsers are ever stored anywhere, so they can't possibly leak anymore. Along the way, simplify frame script by moving object methods to standalone functions; less state, less binding to fix "this" references. The ContentObserver object is now really just there for `.observe()`. TODO: Restore "delayed execution" feature, the only other usage of the (removed) ScriptRunner structure. Refs: #2200 Refs: #2067
Start much smaller, allow the user to change the size, remember the size. Fixes #2191
JsDev is incapable of understanding it. See: https://bugs.eclipse.org/bugs/show_bug.cgi?id=326842
…okies_3rdParty' Fixes #2181