User reached out to me. They created an overlay extension. So this solution is different from the bootstrap demo I showed in my other solution submited, as bootstrap addons don't support resource in chrome.manifest. ("resource" is needed because it is accessible by content, in bootstrap you have to set "contentaccessible=true" to the chrome package)
The repository of the test addon created by blee908 is HERE@GitHub
I forked this addon and made the updates HERE@GitHub. So it now injects a script that alert's "hey" on the current website in the tab when this widget is clicked. (If you don't see it when install addon you have to customize toolbars and drag from there to either addonbar or toolbar)
There were three steps to do this as seen in commit history of the updated addon
- Create test.js
Created a folder which I will expose to resource later on and created the script file with code I want to inject
Update chrome.manifest
Create a resource out of the content/injectable/ folder, this way anything in that folder can be injected into sites without "Permission Security" exceptions.
Update browserOverlay.js
We defined in our chrome.manifest file that the location to the folder with our script is "resource://xulschoolhello-injections/" so lets tell it to inject the script file from. I also edited out the innerHTML being set to "rawr".