Common Pitfalls: Chrome JavaScript Chrome scripts are just like native code - they can do anything the user can. Unlike scripts in content (on Web pages), chrome scripts do not have to ask for permission before doing dangerous operations. The first rule of chrome security: Treat all data that comes from the network, including URLs, as untrusted and potentially malicious. Do not trust any data that comes over the network. Verify all inputs! 16/25