[Greasemonkey] Alternative script injection technique proof of concept

John Plsek gm at plsek.id.au
Wed Jul 20 00:15:51 EDT 2005

Aaron Boodman wrote:

>I was all over the eval idea until I figured out that
>GM_xmlhttpRequest would still be accessible via the callstack. I think
>the sandbox approach is best because it lessens the chance of me
>screwing up and exposing some other way to access api functions.
Yeah, the local file access was a wakeup call!!

I'm afraid you lost me on how GM_xmlHttpRequest would still be available 
... but that's OK, I'll dive into javascript and learn about 
"callstack"s ;-)

As far as the sandbox goes ... bring on firefox 1.1, because I still 
haven't figured out if/how evalInSandbox and the Sanbox object can be 
used in ff 1.0.5


More information about the Greasemonkey mailing list