[Greasemonkey] GM is great, but Security questions - yet again

Jeremy Dunck jdunck at gmail.com
Fri Apr 1 14:04:32 EST 2005

On Apr 1, 2005 1:59 PM, Edward Lee <edilee at gmail.com> wrote:
> Any extension can do that, it's just that people might treat user
> scripts as something "safer" because of the lack of warning/timer
> dialog before installing like what we have for extensions right now.

Actually, any page can do that using IFrame and form post.  There's
nothing new about cross-domain requests.  GM_xmlhttpRequest just makes
it more convenient.   An evil person would not be stopped by the
IFrame speedbump.

More information about the Greasemonkey mailing list