the idea is that you have a button next to the URL to install it, from where it just runs as normal (albeit still without third-party cookies, as with fb buttons)
it could also do something smart with the type of javascript being executed. for eg. the concern with javascript is dyn generating forms or iframes and auto-submitting. etc. something that you can't do with extensions but you can do with a separate browser.
Firefox extensions can certainly do that. For example NoScript has IFrame blocking built-in, it's just disabled by default. More importantly, its ClearClick feature prevents clickjacking even with IFrames enabled.
You're right that Chrome extensions can't do that, though.
the idea is that you have a button next to the URL to install it, from where it just runs as normal (albeit still without third-party cookies, as with fb buttons)
it could also do something smart with the type of javascript being executed. for eg. the concern with javascript is dyn generating forms or iframes and auto-submitting. etc. something that you can't do with extensions but you can do with a separate browser.