[Greasemonkey] GM_xmlhttpRequest-induced Firefox crash

Bob Herrmann bob at jadn.com
Mon Apr 25 15:38:38 EDT 2005

I think the gist of the question is;
 1.  Is greasemonkey for people who like to play with small javascripts 
to tweak sites
 2.  Is greasemoneky for mom/pop to install little scripts that adjust 
sites for them

If your users are all of type 1, then security isn't important as the 
enduser understands and assumes the risk.  If type 2 users start 
cropping up, they might install a script and not know what it does 
exactly.  For example my "Removes all ADs scripts", might also post 
credit card numbers to a russian site.

I don't have a horse in this race, although I'm more of a 1 than a 2.


Aaron Boodman wrote:

>I don't see the point. What would having it be disableable be designed
>to solve? Security? Please.  I am all over warning users when their
>browser is trying to send data to a foreign site. But this will not
>stop that. I'd like to do that with a separate extension.
>On 4/25/05, Mark Pilgrim <pilgrim at gmail.com> wrote:
>>On 4/25/05, Bill Donnelly <donnelly at snowcrest.net> wrote:
>>>I think GM_xmlhttpRequest should be able to be disabled
>>>or enabled by the user.
>>Not a terrible idea at first glance, but please provide a way for user
>>scripts to detect the current state of the function, so that I can
>>automatically disable part of my script's functionality without
>>bothering the user.  If you're simply going to not define
>>GM_xmlhttpRequest, then "if (!GM_xmlhttpRequest)" will work, but if
>>you're going to make it do something else (like pop up an alert),
>>please provide a way for user scripts to detect this.
>>Greasemonkey mailing list
>>Greasemonkey at mozdev.org
>Greasemonkey mailing list
>Greasemonkey at mozdev.org

More information about the Greasemonkey mailing list