[Greasemonkey] GM is great, but Security questions - yet again

alan taylor kokogiak at gmail.com
Fri Apr 1 14:07:27 EST 2005


Hi, new to the mailing list, but already having fun building scripts
(My first one for Flickr here:
http://www.kokogiak.com/gedankengang/2005/03/taking-advantage-of-extensibility-my.html
)

Sorry to be all serious on April 1st - I've combed through most of the
past conversations on here, and see that folks are well aware of some
potential security issues, but I didn't see any sort of clear move
toward a solution (maybe I missed it).

In the hours I spent building my script, (and discovering the new
GMXmlHTTPrequest object), it occurred to me how trivial it would be
to wreak some pretty nasty script out there. Yes, the script would be
'visible' to end-users, but could still be obfuscated enough to
confuse a casual glance.

So what are the options, and are any being actively pursued? Signed
scripts, 'blessed' (reviewed) scripts, user-warnings, no action?

I'm concerned because A) I think GM is amazingly cool, and has a
potential to get a serious level of uptake (at least in certain
circles) and B) all it takes is one bad apple to bring a sour taste to
the whole thing.

Thanks,
-Alan Taylor

