Accessing content script context from chrome

[Matthew Gertner]

I was using a new video player yesterday and was struck by its
terrible usability (at least on Mac). In particular, it is impossible
to make it do anything (even with the mouse) in full screen mode, so I
decide to write a Firefox extension that implemented keyboard
shortcuts for pause, rewind, FF, etc.

After a few hours of tinkering around on a Sunday evening, I didn't
manage to get it to work. The problem is that the player is embedded
as an <object> in the webpage. It doesn't appear to expose its methods
directly, or at least I can't see them from chrome. There is a global
variable called _player in the page that seems to have the necessary
methods, but I can't see how to access it from chrome. What I'd like
to do is run some script in the JS context of the page.

I tried inserting script into the page using document.write(), but I
get a security exception. I also tried evalInSandbox but that seems to
run the script with the page's security principles but without its JS
context (i.e. global variables). The only thing I can think of is to
use nsITraceableChannel to insert script into the page when it loads,
but even then I'm not sure how to call the script from chrome when my
keyboard shortcuts are pressed. I could dispatch a DOM event but AFAIK
I'd have to implement the event in C++ so that I can access
nsIPrivateDOMEvent and set it to trusted.

Is there an easier way to do this?