There are many ways to interact with page scripts, the most common of which are described in the official documentation, including all the methods listed in the question.
Read Interacting with Page Scripts .
However, it should be noted that interacting with page scripts in safe mode can be difficult. It should be especially remembered that unsafeWindow is called unsafe for any reason:
Be careful using unsafeWindow: you cannot rely on any of your properties or functions that are or perform what you expect. Any of them, even setters and getters, could be overridden by the script page. Do not use it if you do not trust the page, and even then be careful.
In addition, unsafeWindow does not support the API, so it can be removed or changed in a future version of the SDK.
Reading data or executing unsafeWindow functions unsafeWindow safe in the sense that it cannot directly lead to code execution in another (script content) security context. Javascript engines will be sure of that.
But itβs very true that you should never trust the data coming from the website. Always expect code to be thrown, denial of service with unexpected endless loops or similar. And never explicitly or implicitly eval uate code in the context of your script content.
Also, never think that you really can trust a site, even if it is your own site. Websites may be compromised (hacked), owners may change in the future, data may be changed along the way (active attacks by Man-In-The-Middle), or another addition could change it, etc.