Comment 2 for bug 782972

Package itself looks fine. But passing to security team for a quick review. Handling javascript seems like something that would need a sign off.