[Greasemonkey] greasemonkey for secure data over insecure networks / sites

Aaron Boodman zboogs at gmail.com
Mon Jul 18 22:55:21 EDT 2005


User scripts always have access to GM_xmlhttpRequest - no matter when
they execute - because they are in their global scope.

Content does not have access to GM_xmlhttpRequest because
GM_xmlhttpRequeset is not on content's global scope.

Maybe you're confusing scope and security context. The global scope of
content is the window object -- that's why content can call alert( )
instead of window.alert( ) and it works.

The global scope for our user scripts will be a new object who's
prototype is the content window. But that object will also have some
new properties, GM_xmlhttpRequest is one of them. But that new object
is not in content's scope chain at all.


More information about the Greasemonkey mailing list