[Greasemonkey] Alternative script injection technique proof of concept

Aaron Boodman zboogs at gmail.com
Mon Jul 18 16:12:38 EDT 2005


attachment?

On 7/18/05, Jacob Scherrer <scherrer at gmail.com> wrote:
> Let's try this again, this diff seems to prevent access to objects
> outside to the windows object's scope. Otherwise a more ham fisted
> approach could be taken by doing:
> 
> scopeObject.Components = function () {};
> 
> -Jacob Scherrer
> 
> On 7/18/05, Jacob Scherrer <scherrer at gmail.com> wrote:
> > Yes, the user script does create the file. Oh well, back to the drawing board.
> > Thanks for the feed back.
> >
> > -Jacob Scherrer
> >
> > On 7/18/05, Aaron Boodman <zboogs at gmail.com> wrote:
> > > I believe that this approach will allow user scripts to access any
> > > XPCOM interface.
> > >
> > > Try, for instance, putting this in a user script:
> > >
> > > var file = Components.classes["@mozilla.org/file/directory_service;1"]
> > >                      .getService(Components.interfaces.nsIProperties)
> > >                      .get("TmpD", Components.interfaces.nsIFile);
> > > file.append("suggestedName.tmp");
> > > file.createUnique(Components.interfaces.nsIFile.NORMAL_FILE_TYPE, 0664);
> > > alert(file.path);
> > >
> > > --
> > > Aaron
> > > _______________________________________________
> > > Greasemonkey mailing list
> > > Greasemonkey at mozdev.org
> > > http://mozdev.org/mailman/listinfo/greasemonkey
> > >
> >
> _______________________________________________
> Greasemonkey mailing list
> Greasemonkey at mozdev.org
> http://mozdev.org/mailman/listinfo/greasemonkey
>


More information about the Greasemonkey mailing list