[Greasemonkey] greasemonkey for secure data over insecure networks / sites

Mark Pilgrim pilgrim at gmail.com
Mon Jul 18 15:01:56 EDT 2005


On 7/18/05, Godmar Back <godmar at gmail.com> wrote:
> Could a malicious web site serve JavaScript that would create
> connections to domains other than the domain from which it came if the
> user has a GM script that is triggered for all pages, since the
> GM_xmlhttprequest function object (or whatever it was called) will
> then exist in the environment of the page?

Yes.  http://diveintogreasemonkey.org/experiments/xmlhttprequest-leak.html

-- 
Cheers,
-Mark


More information about the Greasemonkey mailing list