Very excited to see the development of the userScripts API - it was one of the key gaps of MV3, and it opens up incredible possibilities for users to customize their browser experience.
- can a userscript in the USER_SCRIPT world do window.postMessage and have it seen by a userscript in the MAIN world, and vice versa?
- do both worlds share the same DOM?
- if configureWorld({messaging: true}) does that mean that both MAIN and USER_SCRIPT world userscripts can call runtime.sendMessage?
- will a script running in the USER_SCRIPT world have the ability to access fetch, XHR APIs, etc. to access remote content (subject to whatever connect-src CSP is specified in configureWorld)?
- if configureWorld sets an 'unsafe-eval' CSP, can scripts in the USER_SCRIPT world use eval()?
More generally, bringing a bunch of the rationale from that proposal into the documentation could go a long way towards clarifying how the API should be used.
Looking forward to seeing this go live in Chrome 120, and getting clarity on the capabilities!