diff --git a/content/install-hook-userstyles.js b/content/install-hook-userstyles.js
index 6159e8a2..5c4ffe5f 100644
--- a/content/install-hook-userstyles.js
+++ b/content/install-hook-userstyles.js
@@ -364,12 +364,13 @@ document.documentElement.appendChild(document.createElement('script')).text = `(
 return;
 }
 const xhr = new XMLHttpRequest();
- xhr.responseType = 'json';
 xhr.onloadend = xhr.onerror = () => {
 window.stop();
 top.postMessage({
 id: data.xhr.id,
 status: xhr.status,
+ // [being overcautious] a string response is used instead of relying on responseType=json
+ // because it was invoked in a web page context so another extension may have incorrectly spoofed it
 response: xhr.response,
 }, EXTENSION_ORIGIN);
 };
diff --git a/popup/search-results.js b/popup/search-results.js
index e4379614..9dbb48ad 100755
--- a/popup/search-results.js
+++ b/popup/search-results.js
@@ -832,8 +832,11 @@ window.addEventListener('showStyles:done', function _() {
 chrome.webRequest.onBeforeRequest.removeListener(stripResources);
 searchFrameQueue.delete(data.id);
 clearTimeout(timeout);
- if (data.response && data.status < 400) {
- resolve(data.response);
+ // [being overcautious] a string response is used instead of relying on responseType=json
+ // because it was invoked in a web page context so another extension may have incorrectly spoofed it
+ const json = tryJSONparse(data.response);
+ if (json && data.status < 400) {
+ resolve(json);
 } else {
 reject(data.status);
 }
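Review bot: The comment added above `response: xhr.response` is hard to follow, because "it" has no antecedent and "incorrectly spoofed" does not say what is being spoofed. A wording such as `// send raw text and let the extension parse it: this code runs in the page context, where XMLHttpRequest may have been altered by another extension` states the trust boundary directly. The same comment is copied into the popup/search-results.js hunk, where `// data.response is untrusted text from the page context, so it is parsed here` would fit better. With the default responseType the value is text, so `response: xhr.responseText,` would also make the string contract explicit. The enclosing handler starts outside the hunk.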
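Review bot: `if (json && data.status < 400)` accepts any truthy parsed value, so a message whose body is `1` or `"x"` resolves the promise with a number or string, and `data.status` comes from the same untrusted message (`null < 400` is true). If callers expect an object, a stricter guard such as `if (json && typeof json === 'object' && Number.isInteger(data.status) && data.status < 400) {` keeps malformed messages on the reject path. This assumes `tryJSONparse`, defined outside the hunk, returns a falsy value on invalid input. Whether the listener checks the message's origin and source is also not visible here, as it begins outside the hunk.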