Over the last week I've developed and released an extension for Chrome/Firefox that collapses and adds a toggle bar to each Google+ stream post.<p>I've also just released a bookmark that takes the extension code (from code.google.com) and injects it into the G+ page for those browsers that can't use the extension.<p>now, my understanding is that this is basically user-control cross-site scripting (XSS).<p>The thing is, it's exactly what all of the extensions are doing anyway, isn't it?<p>Is there something I'm missing?