Add a warning to the documentation of chrome.tabs.executeScript API

chrome/common/extensions/api/tabs.json

Index: chrome/common/extensions/api/tabs.json
diff --git a/chrome/common/extensions/api/tabs.json b/chrome/common/extensions/api/tabs.json
index 3bd8a5719bfbed4d5b4abd8ca89b0c80166bd818..b803e7fd3858ab6cd8da0937318c1a1435801952 100644
--- a/chrome/common/extensions/api/tabs.json
+++ b/chrome/common/extensions/api/tabs.json
@@ -35,7 +35,7 @@
         "type": "object",
         "description": "Details of the script or CSS to inject. Either the code or the file property must be set, but both may not be set at the same time.",
         "properties": {
-          "code": {"type": "string", "optional": true, "description": "JavaScript or CSS code to inject."},
+          "code": {"type": "string", "optional": true, "description": "JavaScript or CSS code to inject.<br><br><b>Warning:</b><br>Be careful using the <code>code</code> parameter. Incorrect use of it may open your extension to <a href=\"https://en.wikipedia.org/wiki/Cross-site_scripting\">cross site scripting</a> attacks."},
           "file": {"type": "string", "optional": true, "description": "JavaScript or CSS file to inject."},
           "allFrames": {"type": "boolean", "optional": true, "description": "If allFrames is <code>true</code>, implies that the JavaScript or CSS should be injected into all frames of current page. By default, it's <code>false</code> and is only injected into the top frame."},
           "runAt": {