[Greasemonkey] greasemonkey for secure data over insecure
networks / sites
Mark Pilgrim
pilgrim at gmail.com
Mon Jul 18 15:01:56 EDT 2005
On 7/18/05, Godmar Back <godmar at gmail.com> wrote:
> Could a malicious web site serve JavaScript that would create
> connections to domains other than the domain from which it came if the
> user has a GM script that is triggered for all pages, since the
> GM_xmlhttprequest function object (or whatever it was called) will
> then exist in the environment of the page?
Yes. http://diveintogreasemonkey.org/experiments/xmlhttprequest-leak.html
--
Cheers,
-Mark
More information about the Greasemonkey
mailing list