firefox extension security issue

I'm writing a firefox addon that logs certain user activity and displays some statistics on a webpage.

When the page is opened, the page sends an event to the addon. The addon adds data to the page and sends an event back, and the page refreshes the statistics.

Now how do I ensure that the extension only puts the (sensitive) data on the right page and not some other malicious one?

开发者_Python百科Thanks V

SSL. Unless you're doing something weird, the only route of attack is man in the middle.

The addon will have to authenticate with the server, probably with a username/password provided by the user. The server side needs to control what events, and from what user that it can accept from the client side. Also note that all authentication should be done over SSL to prevent session hijacking.