Michael Bierman
Thu Apr 14 16:51:30 EDT 2005

Jeremy Dunck

Yeah it recently dawned on me that data URIs are a massively useful thing to

Decentralizing resource load is vital with this stuff.

The smiley user script is one example, but there are tons more.  Yay, Hixie!
(He pushed data URI in Moz before I got it.)

MB> First, I want to say that I think user scripts are probably the coolest
thing on the web in the last 5 years. I already feel I can't live on the web
without it.  (Okay I would rather not...) But...

Isn't there more than just load balancing at issue?  What if someone
encoded something in a URL that the end user wasn't aware of? How about a
webbug or a URL that snarfs some data and sends it to a third party.  Maybe
some users would notice a URL that was doing odd things, but many won't read
the code of a user script or know what it does.   When data is encoded, it
is unlikely the average user is going to uuencode the image and inspect it
for safety.  It isn't uncommon for spyware and such to use cute things like
the harmless smiley user script to capture information.  This is done all of
the time--although probably hasn't happened with user scripts yet.  Anything
as potentially powerful as a user script can be turned to negative uses--and
I venture to say, I see no reason that this can't or won't happen to user
scripts at some point.  I am not expert enough to offer any suggestions
other than people have to be careful about the user scripts they install,
but whether images and data are retrieved locally or on a server, there
should be some caution. I know, the sky is not falling, but can anyone say
there is no potential for abuse?
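
Added example, not part of the original message: one way to do the inspection described above before installing a user script, by decoding every data: URI in its source, checking the decoded bytes against the declared image type, and listing the remote hosts the script refers to. The function names, the sample script and the example.invalid hosts are constructed for illustration.

```javascript
// Added example: static audit of a user script for data: URIs and remote hosts.
// SAMPLE is constructed for illustration; all hosts are placeholders.
const DATA_URI = /data:([\w.+-]+\/[\w.+-]+)?((?:;[\w-]+=[\w-]+)*)(;base64)?,([^'"\s)]*)/gi;
const HOST = /https?:\/\/([a-z0-9.-]+)/gi;
// Leading bytes expected for the image types a smiley script would embed.
const MAGIC = { 'image/gif': 'GIF8', 'image/png': '\x89PNG', 'image/jpeg': '\xff\xd8\xff' };

const hostsIn = (text) => [...text.matchAll(HOST)].map((m) => m[1].toLowerCase());

function decodePayload(isBase64, payload) {
  if (isBase64) return Buffer.from(payload, 'base64');
  try { return Buffer.from(decodeURIComponent(payload), 'latin1'); }
  catch { return Buffer.from(payload, 'latin1'); } // malformed %-escape: keep raw
}

function auditUserScript(source) {
  const dataUris = [];
  for (const m of source.matchAll(DATA_URI)) {
    const mime = (m[1] || 'text/plain').toLowerCase();
    const text = decodePayload(Boolean(m[3]), m[4]).toString('latin1');
    const magic = MAGIC[mime];
    dataUris.push({
      mime,
      size: text.length, // latin1 string length equals the decoded byte count
      // null = no signature known for this type, so nothing to compare against
      matchesDeclaredType: magic ? text.startsWith(magic) : null,
      embeddedHosts: hostsIn(text), // hosts referenced inside the decoded payload
    });
  }
  // Hosts the script itself refers to, with the data: URIs stripped out first.
  const remoteHosts = [...new Set(hostsIn(source.replace(DATA_URI, '')))];
  return { dataUris, remoteHosts };
}

const b64 = (s) => Buffer.from(s, 'latin1').toString('base64');
const SAMPLE = `
// ==UserScript==
// @name  Smileys (constructed sample)
// ==/UserScript==
var smile = "data:image/gif;base64,${b64('GIF89a\x01\x00\x01\x00\x00\x00\x00;')}";
var wink  = "data:image/gif;base64,${b64('<img src="http://collector.example.invalid/p">')}";
new Image().src = "http://stats.example.invalid/hit.gif";
`;

console.log(JSON.stringify(auditUserScript(SAMPLE), null, 2));
```

A data: URI whose decoded bytes do not match its declared type, or any host outside the sites the script claims to modify, is the cue to read the script by hand before installing it.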


