[Greasemonkey] greasemonkey for secure data over insecure networks
lists at atrus.org
Tue Jul 19 00:47:36 EDT 2005
Godmar Back wrote:
>On a related note, the fact that xmlhttprequest doesn't exclude local
>file:// URLs means that not only would placing this ability into a page
>allow a malicious attacker to read local files, but it also allows the
>GM script itself to read all local files. This is still true for the
>sandbox approach Aaron is currently investigating, if the sandbox
>includes chrome-privileged access to xmlhttprequest.
>How many people want to grant GM script writers access to their local
>hard drive when they install a GM script?
>My point is that scripts should be required to declare what privileges
>they need, and this must be enforced - either using Mozilla's security
>model or by implementing your own.
> - Godmar
The good news is that we're wrapping the object, so we can check to see
if it uses the file: scheme. Applying a whitelist seems like the obvious
approach (allow only http, https, ftp). That would prevent nastiness
file - your hard drive
chrome - everything in FF, including other scripts and extensions
about - about:config, about:cache, others?
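
The scheme whitelist described in this message, as an added example that is not part of the original post and is not Greasemonkey's code. The names checkRequestUrl and makeGuardedOpen and the sample URLs are assumptions made for illustration; the check runs on the resolved URL so that relative URLs, mixed case and embedded whitespace cannot slip past it.

```javascript
// Added example: scheme allowlist for a wrapped XMLHttpRequest.open().
// The allowed list (http, https, ftp) is the one proposed in the post;
// function names are hypothetical, not Greasemonkey's API.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "ftp:"]);

// Resolve `url` against the page the script runs on, then test the
// scheme of the *resolved* URL. Checking the raw string would miss
// relative URLs on a file: page, "FILE:", or "fi\tle:" (the URL parser
// lowercases the scheme and strips tabs/newlines before using it).
function checkRequestUrl(url, pageUrl) {
  let resolved;
  try {
    resolved = new URL(String(url), pageUrl);
  } catch (e) {
    return { ok: false, reason: "unparseable URL" };
  }
  if (!ALLOWED_SCHEMES.has(resolved.protocol)) {
    return { ok: false, reason: "scheme not allowed: " + resolved.protocol };
  }
  return { ok: true, href: resolved.href };
}

// Wrap an open()-style function so the check runs before the real call
// and the real call only ever sees the URL that was actually checked.
function makeGuardedOpen(realOpen, pageUrl) {
  return function (method, url, ...rest) {
    const verdict = checkRequestUrl(url, pageUrl);
    if (!verdict.ok) throw new Error("request blocked (" + verdict.reason + ")");
    return realOpen.call(this, method, verdict.href, ...rest);
  };
}

// Constructed sample inputs: [requested URL, URL of the page].
const SAMPLES = [
  ["/feed.xml", "http://example.com/a/b"],
  ["ftp://ftp.example.org/pub/file.txt", "http://example.com/"],
  ["file:///etc/passwd", "http://example.com/"],
  ["FILE:///etc/passwd", "http://example.com/"],
  ["fi\tle:///etc/passwd", "http://example.com/"],
  ["notes.txt", "file:///home/user/page.html"],
  ["chrome://browser/content/", "http://example.com/"],
  ["about:config", "http://example.com/"],
  ["http://[::1", "http://example.com/"],
];

function runSamples() {
  return SAMPLES.map(([url, page]) => checkRequestUrl(url, page).ok);
}
console.log(runSamples());
```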