[Greasemonkey] Script leakage

Ted Mielczarek ted.mielczarek at gmail.com
Tue Jul 12 22:41:40 EDT 2005


On 7/12/05, Aaron Boodman <zboogs at gmail.com> wrote:
> * modify the content DOM without such modification being visible to
> content script

var ce = Components.lookupMethod(document,  createElement")

This works in chrome, but won't work in untrusted JS pre-Firefox 1.1. 
Also you can use XPCNativeWrapper(), see
http://kb.mozillazine.org/XPCNativeWrapper

> * run javascript against the content DOM without adding a script
> element, but remaining in the content's security context

You want mozIJSSubScriptLoader:
http://www.xulplanet.com/references/xpcomref/ifaces/mozIJSSubScriptLoader.html
See also http://weblogs.mozillazine.org/weirdal/archives/008101.html

-Ted


More information about the Greasemonkey mailing list