julien.couvreur at gmail.com
Thu Apr 14 19:47:29 EDT 2005
Jeremy Dunck wrote:
> Yeah it recently dawned on me that data URIs are a massively useful thing to
data: URIs are definitely great for including images in scripts or
generating scripts from a webpage without a server. I think the Gmail
Persistent Search was the first user script I saw using it.
But in the case of HTML overlays, it would be a pain to have to go
through the encoding cycle to develop an overlay. If we can find a way
to put long literal strings as-is in the script (see other thread on
the topic) it would be much better for non-binary data like HTML
templates or XML.
> but can anyone say there is no potential for abuse?
User scripts in general definitely have a lot of potential for abuse
and fraud. You can spy on users using querystring parameters and more
without encoding scripts.
The risk that encoding adds is marginal imho, since most of the time
you'd encode images. Now it is possible to encode some script within a
script and un-encode it at runtime to eval() it, but I haven't seen a
single script do that so far...
More information about the Greasemonkey