[Greasemonkey] greasemonkey for secure data over insecure networks / sites

Aaron Boodman zboogs at gmail.com
Mon Jul 18 13:50:25 EDT 2005


> In other words, running a Greasemonkey script on a site can expose the
> contents of every file on your local hard drive to that site.  Running
> a Greasemonkey script with "@include *" (which, BTW, is the default if
> no parameter is specified) can expose the contents of every file on
> your local hard drive to every site you visit.  And, because
> GM_xmlhttpRequest can use POST as well as GET, an attacker can quietly
> send this information anywhere in the world.

Nice. I die now.

In other news, somebody named Mike Shaver in #developers has pointed out this:

http://lxr.mozilla.org/mozilla/source/js/src/xpconnect/idl/xpccomponents.idl#148

I think it's only available in recent versions of FF, but it does the
job for the most part. Might be able to add it to 0.4, but it will
break old FF support (but who cares).

- a

