[Greasemonkey] GM is great, but Security questions - yet again

Edward Lee edilee at gmail.com
Fri Apr 1 13:59:57 EST 2005


XMLHttpRequests can be very dangerous because it can send data to
other hosts if it was not sandboxed. This could collect data on a page
(credit card numbers?) and send them to a third party host that logs
this information. Right now I've written a personal user script that
parses a page and sends that information to my server for automatic
logging, but it wouldn't be hard for someone to do soemthing "bad"
with unrestricted XMLHttpRequests.

Any extension can do that, it's just that people might treat user
scripts as something "safer" because of the lack of warning/timer
dialog before installing like what we have for extensions right now.

-- 
Ed


More information about the Greasemonkey mailing list