[Greasemonkey] Locked out of Gmail

Edward Lee edilee at gmail.com
Mon Apr 25 11:56:55 EDT 2005


On 4/25/05, Jeremy Dunck <jdunck at gmail.com> wrote:
> There will, of course, be an arms race: sites wishing to protect
> their business models (or servers, given the DDOS of
> GM_xmlhttpRequest) will do things like block accounts or obfuscate
> DOMs, assuming they're clueful enough to actually notice GM usage.

Or maybe site owners will provide a better way for people to access
their data. Instead of having xmlhttprequests load the whole page, a
special page can be set up to just return exactly what the script
needs. For example with my distributed automatic page crawling user
script that sends requests back to my server, I just return a bare
minimum (as well as sending a bare minimum) amount of information to
keep down traffic. The major issue would be with advertising because
sites that depend on ads would have people bypassing all that, but
then it's a similar issue with RSS feeds.

Plenty of sites (like online browser based games) probably have a "no"
policy for user scripts, but yeah, it seems like Gmail is one of the
first major sites to do something about it. About Gmail detecting the
scripts: at least for the delete button script that I just looked
through, it adds a button to the page that triggers the select action
of the drop-down list, and the button wouldn't show up in a page request
because it has no name attribute. So probably it isn't some server-side
detection. As with most user scripts, unless you're creating new
ways to access the server, there's practically no way for the server to
detect the changes because they're just client-side. But then with all
of Gmail's heavy client-side JavaScript, it could be easily modified
to check for unwanted client-side modifications.

-- 
Ed
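
The point made in the message above, as an added example that is not part of the original e-mail and is not Gmail's or any user script's code: a nameless button added on the client leaves the submitted form data unchanged, while a check run by the page's own script can still see the extra element. The toy DOM, the ids, the field names and the helper functions are all assumptions made for illustration.

```javascript
// Plain objects stand in for DOM elements (runs in Node); all names and values are constructed.
const el = (tag, attrs = {}, children = []) => ({ tag, attrs, children });

function* walk(node) {
  yield node;
  for (const child of node.children) yield* walk(child);
}

// What the server receives. As in HTML form submission, a control without a
// name attribute contributes nothing, and a button counts only as submitter.
function formDataSet(form, submitter = null) {
  const pairs = [];
  for (const n of walk(form)) {
    const field = ['input', 'select', 'textarea'].includes(n.tag);
    const button = n.tag === 'button' && n === submitter;
    if ((field || button) && n.attrs.name) {
      pairs.push(`${encodeURIComponent(n.attrs.name)}=${encodeURIComponent(n.attrs.value || '')}`);
    }
  }
  return pairs.join('&');
}

// Structural signature the page's own script could record right after rendering.
function signature(root, path = '') {
  const here = `${path}/${root.tag}${root.attrs.id ? '#' + root.attrs.id : ''}`;
  return [here, ...root.children.flatMap((c) => signature(c, here))];
}

// Client-side check: entries present now that the page itself never rendered.
function addedSince(baseline, root) {
  const budget = new Map();
  for (const s of baseline) budget.set(s, (budget.get(s) || 0) + 1);
  return signature(root).filter((s) => {
    const left = budget.get(s) || 0;
    budget.set(s, left - 1);
    return left <= 0;
  });
}

function demo() {
  const form = el('form', { id: 'actions' }, [
    el('select', { name: 'action', value: 'trash' }), // value = chosen option
    el('input', { name: 'thread', value: 'msg1' }),
  ]);
  const [baseline, before] = [signature(form), formDataSet(form)];
  const injected = el('button', { id: 'user-delete' }); // nameless, added by a user script
  form.children.push(injected);
  return { before, after: formDataSet(form, injected), added: addedSince(baseline, form) };
}
```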

