This with regard to sharing classes and methods in the master window. As mentioned, we put a class or method or constant there, we have to know it can't be tampered with. Do this. Object.defineProperty(mw$, "blah",{enumerable:false,writable:false,configurable:false}); Not just what we put in the master window, but the methods we put in the prototypes in the classes in the master window, and the prototype objects themselves. All of it. There. But what stops them from adding something nefarious? Nothing. But we can detect it. After every browse, and after every js function, in jSideEffects(), I could call a master window tamper check method that would get all the keys in the master window, and all the keys in the prototypes of our classes, and count them, and make sure no new ones were added. See the latest commit which uses GetOwnPropertyNames() to do this. So we could detect tampering, and if discovered, turn off javascript for the duration of the edbrowse program. It's ugly to implement, the solution is a bit drastic, but it would be secure, and would guard against something that almost certainly would never happen. That's the thought for the day. Karl Dahlke