[Greasemonkey] questions on context menu and security contexts

Godmar Back godmar at gmail.com
Fri Jul 1 01:41:59 EDT 2005


I am trying to find out if greasemonkey is suitable for my purposes or
whether I have to write my own extension instead. Specifically, I need
to add an entry to the context area menu.

As I understand from Aaron's mail [1], greasemonkey scripts do not
have direct access to the browser's XUL window because they are
injected into the DHTML of a page, and as such are associated with the
DOM of that page.

Yet, from examining the source code, I noticed that GM inserts certain
hooks into the environment that do allow a grease monkey script to
manipulate the XUL environment. Specifically, GM_registerMenuCommand
allows a user to add an entry to the "User Script Commands" menu -
which, I assume, also lives in the XUL window.

My questions are twofold.

1. Why doesn't GM offer a (controlled) way to change the context menu,
in the same way it allows a user to change the "User Script Commands"

2. (this is more out of technical interest because I couldn't find any
documentation on Mozilla's security model:)
Why does GM_registerMenuCommand work?  I understand *how* it works,
but not why.
Specifically, I note that the menuitem is created by a call from the
unprivileged context of injected scripts, yet initToolsMenu later on
somehow manages to get FF to display this unprivileged item as child
of the userscripts-command menu that's part of the XUL overlay.

It does that without ever having to raise its privileges (as
privileged Java code called from unprivileged code would have to do
via AccessController.doPrivileged().) Is this a bug or does Mozilla's
security model works such that all code provides by an extension is
run with full privileges?

In this context, I find it bizarre that xmlhttpRequest apparently
manages to work around XMLHttpRequest's restrictions by placing the
request code in a timeout, according to the comment in the code. If an
XMLHttpRequest created in extension code has all privileges it would
not be necessary; but if it's not supposed to have all privileges then
setTimeout should not allow the elevation of privileges simply because
timeouts are executed in a different thread.

 - Godmar

[1] http://www.mozdev.org/pipermail/greasemonkey/2005-January/000027.html

More information about the Greasemonkey mailing list