javascript - Should Chrome extensions have access to tabs' content (other websites)?


Is there a way to identify and block JS files/events that are not part of the domain?

Assume, for example, that I'm writing an extension for Chrome and put the following code in its JS:

$('div').on('click', function(){ alert("yup"); }); 

Is there a way for a website to handle this case?

Edit 1:

After a discussion with @clive, I realized that an extension/application should run in a sandbox and should not be able to access events/elements outside its scope.

Case

A Chrome extension has a keypress event on input[type=text] and input[type=password]. The extension runs in the background, so their JS files are available. Hence, if you open Facebook and log in to your account, the extension can capture the data and send it to a server.

My case

Two users were getting alert messages multiple times. We thought it was part of our code and checked the JS files. We realized both users had the same extension, diagnosed the extension's JS file, and found the alert in it. Luckily, no damage was done, but it still poses a possible security threat.

Short answer: No.

Long answer:

Chrome extensions run their code in a separate space from the site's code, so they don't interact at all. The best you can do is prevent DOM edits. Luckily, Chrome extensions run in a sandbox and have to explicitly ask for permissions for the domains they inject code in, and those domains are listed when you install the extension. The other way extensions interact with a page is through the activeTab permission, a one-time allowance on a specific user action. If you are using an extension you think is malicious, you can read the code, since JS is naturally open source. It boils down to a matter of trust. By installing it, you are explicitly trusting that thing not to mess with your stuff. This applies to all programs. If you don't trust an extension, don't install it. A sandbox can prevent only so much while still letting extensions do something.
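
The permission model described in the answer can be checked before an extension is installed. The following is an added example, not part of the original question or answer: it reads the fields of an extension's manifest.json and reports whether the extension can inject into every site, only into listed sites, or only through activeTab. The function name auditManifest and the sample manifests are constructed for illustration.

```javascript
// Added example: classify how much page access a Chrome extension manifest requests.
// auditManifest and the sample manifests are constructed for illustration.
const isHostPattern = (p) => p === '<all_urls>' || p.includes('://');
// <all_urls>, *://*/*, http://*/* and https://*/* all mean "every site".
const isBroad = (p) => /^(<all_urls>|(\*|https?):\/\/\*\/.*)$/.test(p);

function auditManifest(manifest) {
  const declared = [
    ...(manifest.permissions || []),       // MV2 lists API and host permissions together
    ...(manifest.host_permissions || []),  // MV3 lists host permissions separately
  ];
  const hosts = new Set(declared.filter(isHostPattern));
  // Content scripts are injected into every page matching these patterns.
  for (const cs of manifest.content_scripts || []) {
    for (const m of cs.matches || []) hosts.add(m);
  }
  const hostList = [...hosts];
  const broad = hostList.filter(isBroad);
  const activeTab = declared.includes('activeTab');
  let access = 'none';
  if (broad.length) access = 'all-sites';           // can touch any page, login forms included
  else if (hostList.length) access = 'listed-sites';
  else if (activeTab) access = 'on-user-action';    // only after the user invokes the extension
  return { access, hosts: hostList, broad, activeTab };
}

// Constructed sample manifests (not taken from any real extension).
const samples = {
  everySite: {
    manifest_version: 2,
    permissions: ['tabs', '<all_urls>'],
    content_scripts: [{ matches: ['*://*/*'], js: ['inject.js'] }],
  },
  scoped: { manifest_version: 3, host_permissions: ['https://example.com/*'] },
  clickOnly: { manifest_version: 3, permissions: ['activeTab', 'scripting'] },
};

for (const [name, manifest] of Object.entries(samples)) {
  const r = auditManifest(manifest);
  console.log(`${name}: ${r.access}`, r.hosts);
}
```

An extension reported as all-sites is the kind that could attach the click or keypress handlers described in the question to any page the user opens.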

