[Greasemonkey] GM_xmlhttpRequest-induced Firefox crash
tony at ponderer.org
Mon Apr 25 13:10:24 EDT 2005
On Mon, Apr 25, 2005 at 02:38:38PM -0400, Bob Herrmann wrote:
> I think the gist of the question is;
> to tweak sites
> 2. Is greasemoneky for mom/pop to install little scripts that adjust
> sites for them
That's irrelevant. Aaron's point is that even if you disable
GM_xmlhttpRequest, people can still do nasty things (e.g., hidden
iframes, hidden image requests, etc). Disabling GM_xmlhttpRequest
doesn't increase security.
> If your users are all of type 1, then security isn't important as the
> enduser understands and assumes the risk. If type 2 users start
> cropping up, they might install a script and not know what it does
> exactly. For example my "Removes all ADs scripts", might also post
> credit card numbers to a russian site.
> I don't have a horse in this race, although I'm more of a 1 than a 2.
> Aaron Boodman wrote:
> >I don't see the point. What would having it be disableable be designed
> >to solve? Security? Please. I am all over warning users when their
> >browser is trying to send data to a foreign site. But this will not
> >stop that. I'd like to do that with a separate extension.
> >On 4/25/05, Mark Pilgrim <pilgrim at gmail.com> wrote:
> >>On 4/25/05, Bill Donnelly <donnelly at snowcrest.net> wrote:
> >>>I think GM_xmlhttpRequest should be able to be disabled
> >>>or enabled by the user.
> >>Not a terrible idea at first glance, but please provide a way for user
> >>scripts to detect the current state of the function, so that I can
> >>automatically disable part of my script's functionality without
> >>bothering the user. If you're simply going to not define
> >>GM_xmlhttpRequest, then "if (!GM_xmlhttpRequest)" will work, but if
> >>you're going to make it do something else (like pop up an alert),
> >>please provide a way for user scripts to detect this.
> >>Greasemonkey mailing list
> >>Greasemonkey at mozdev.org
> >Greasemonkey mailing list
> >Greasemonkey at mozdev.org
> Greasemonkey mailing list
> Greasemonkey at mozdev.org
More information about the Greasemonkey