Filling in password doesn't work for frames

[palant]

If the password field isn't in the top-level document then filling in password will fail. It's questionable however whether recursing into frames is the right things to do, particularly for different origin frames: not only are there technical issues (content script cannot access frame contents), it's unclear whether the frame is supposed to get the password in the first place (consider third-party widgets). Possible solutions:

1. Just put the password into any frames regardless.
2. Only put the password into first-party frames (meaning using the same base domain).
3. Tell the user that they have to do it manually. The assumption is of course that the user can decide whether the password frame is legit which they normally cannot.

I am leaning towards the second solution.

[palant]

The second solution as formulated here seems impractical - Add-on SDK doesn't seem to provide any practical means of circumventing same-origin policy here. Tab.attach() only applies to the top-level frame, and cross-domain content scripts only work for specific websites (besides, these seem to have issues). So the only way would be using page-mod in order to inject the fill-in script into each and every window, regardless of whether it is ever used. This seems to be an overkill.

So I think that the right solution is a combination of 2 and 3: fill-in the password into frames if allowed by same-origin policy, and adjust the error message to indicate that automatic fill-in won't always work.