[Greasemonkey] greasemonkey for secure data over insecure
networks / sites
zboogs at gmail.com
Mon Jul 18 22:55:21 EDT 2005
User scripts always have access to GM_xmlhttpRequest - no matter when
they execute - because they are in their global scope.
Content does not have access to GM_xmlhttpRequest because
GM_xmlhttpRequeset is not on content's global scope.
Maybe you're confusing scope and security context. The global scope of
content is the window object -- that's why content can call alert( )
instead of window.alert( ) and it works.
The global scope for our user scripts will be a new object who's
prototype is the content window. But that object will also have some
new properties, GM_xmlhttpRequest is one of them. But that new object
is not in content's scope chain at all.
More information about the Greasemonkey