[Greasemonkey] greasemonkey for secure data over insecure networks / sites

John Plsek gm at plsek.id.au
Tue Jul 19 13:11:06 EDT 2005


Aaron Boodman wrote:

>You could do this.contentWindow.eval(), but that's basically the same
>thing I have. The reason I didn't do that is because a friend of mine
>had told me he had problems with moz leaking with eval and large
>javascript chunks.
>_______________________________________________
>  
>
Fair enough. As I said, I have a 93k script (would that classify as a 
large javascript chunk?) and it doesn't seem to leak at all. Maybe I've 
just written it well!!

As an alternate way of thinking. Is it possible for greasemonkey to 
detect the presence of a potential exploit and optionally:

1) abort injection, or
2) warn the user that exploits exist and give the user the option of 
injecting or not

I know the long term goal is to find an alternate method of executing 
user scripts, but that seems to be a fair way off

John


More information about the Greasemonkey mailing list