I'd very curious to know how they managed to deal with this then. There's always the option of embedding quickjs-vm within the addon (as a wasm module), but that would not allow the executed code to access the document.