Is contentDocument really read-only? At least from extensions, I'm able to use it to arbitrarily modify the contentDocument.

Well, since Firefox 3.0 it is DEFINITELY read-only... apparently. I used to be able to do what you say. For instance, I needed to POST to a remote php script and get some HTML, then apply XPath on the responseText. I used to do contentDocument.write(responseText), then evalute() on that. Now I get an NS_ERROR_DOM_SECURITY_ERR. (buanzo [at-]

Possibly related:

Document Tags and Contributors

 Contributors to this page: MatrixFrog, Buanzo, ElBarto
 Last updated by: MatrixFrog,