[Greasemonkey] Script leakage
zboogs at gmail.com
Wed Jul 13 09:35:38 EDT 2005
> var ce = Components.lookupMethod(document, createElement")
> This works in chrome, but won't work in untrusted JS pre-Firefox 1.1.
> Also you can use XPCNativeWrapper(), see
Will the node that is created/appended *also* be invisible to content?
I thought this was just to make sure you don't get a method you think
is createElement, but is actually a hacker's method.
> > element, but remaining in the content's security context
> You want mozIJSSubScriptLoader:
> See also http://weblogs.mozillazine.org/weirdal/archives/008101.html
I've played with it, but I couldn't figure out how to run it in a
security context less than chrome. Other than that, it is ideal. Do
you know how?
More information about the Greasemonkey