[Greasemonkey] How the script injection works and scoping
edilee at gmail.com
Thu Apr 21 02:28:57 EDT 2005
On 4/21/05, Julien Couvreur <julien.couvreur at gmail.com> wrote:
> We're adding a script node (that gets evaluated) and then the node is
> cleaned up. Also seems hacky.
I figured you were getting at that point in the original post, but I
forgot to mention it. If you do an eval, things get executed with
extension privileges. You would have access to a lot more
functionality with stuff like components, but then you could do a lot
of bad things as well with a basic user script. The user script could
also possibly break Greasemonkey as it evaluates the scripts and it
would prevent other scripts from running.
That's the reason for GM_xmlhttpRequest (and other GM functions)
because normally you would just do your own XMLHttpRequest from the
extension scope with no sandbox issues, but it was decided that user
scripts would be better running in the normal document security but
with some special access to add more functionality.
More information about the Greasemonkey