[Greasemonkey] greasemonkey for secure data over insecure networks
gm at plsek.id.au
Tue Jul 19 04:04:49 EDT 2005
Mark Pilgrim wrote:
>On 7/18/05, Jeremy Dunck <jdunck at gmail.com> wrote:
>>So, uh, the script leaking investigation isn't entirely for the glory
>>of knowing. It also sucks to leak private keys.
>Last week I showed that the complete text of every single one of your
>locally-installed user scripts could be leaked to remote sites (
>http://diveintogreasemonkey.org/experiments/script-leak.html ), and
Does this "exploit" rely on the knowledge of the existence of
coz, your exploits don't work on my version of greasemonkey ... I
replaced "GM_apis" with a random string (newly generated for every
inject) ... or is there a way around that?
More information about the Greasemonkey