[Greasemonkey] Script leakage

Ted Mielczarek ted.mielczarek at gmail.com
Wed Jul 13 16:01:58 EDT 2005


On 7/13/05, Aaron Boodman <zboogs at gmail.com> wrote:
> > var ce = Components.lookupMethod(document, "createElement")
> >
> > This works in chrome, but won't work in untrusted JS pre-Firefox 1.1.
> > Also you can use XPCNativeWrapper(), see
> > http://kb.mozillazine.org/XPCNativeWrapper
> 
> Will the node that is created/appended *also* be invisible to content?
> I thought this was just to make sure you don't get a method you think
> is createElement, but is actually a hacker's method.

No, I meant to add a note about that, sorry.  The only way I could
think to do that would be using XBL, which is probably out of the
scope of GM.

> > > * run javascript against the content DOM without adding a script
> > > element, but remaining in the content's security context
> >
> > You want mozIJSSubScriptLoader:
> > http://www.xulplanet.com/references/xpcomref/ifaces/mozIJSSubScriptLoader.html
> > See also http://weblogs.mozillazine.org/weirdal/archives/008101.html
> 
> I've played with it, but I couldn't figure out how to run it in a
> security context less than chrome. Other than that, it is ideal. Do
> you know how?

Hm, after playing with it for a bit you're right.  I'm not sure
there's any way to do that.

-Ted

