[Greasemonkey] GreaseMonkeyed.com - Script Repository

Godmar Back godmar at gmail.com
Tue Jul 19 12:54:43 EDT 2005


Many GM scripts rely on intricate details of the DOM of the pages they
grease, which are likely to change over time (for instance, the NY
Times moves a page into its archive and its format changes).  GM
currently does not have an update mechanism like the one provided to
extensions via update.rdf and/or addons.mozdev.org.  Therefore,
service providers might lean to choose the route that will always keep
their clients up-to-date.

Of course, skilled people doing individual greasing of pages for
personal purposes would not. I do expect the majority of GM users
however to be unable to inspect a user script for vulnerabilities
before loading it into their own GM.

I like the Joe's idea of a peer review for GM scripts; of course, the
integrity of the script must be guaranteed in this case to ensure that
the review posted applies to exactly what the user installs locally,
similar to how a digital signature includes a fingerprint of the
document being signed.  Unfortunately, scripts that eval some external
pulled-in js would be excluded from that approval unless the currently
included version of the script would be subjected to peer review first
- in this case it would have to be hosted from the peer review site,
which raises the issues of who pays for the additional load imposed on
those servers.

 - Godmar

On 7/19/05, Aaron Boodman <zboogs at gmail.com> wrote:
> > Obviously, writing a blank check in this way raises more security issues.
> 
> Yeah that's pretty scary. A script can just change itself whenever it
> wants w/o the user's approval.
> _______________________________________________
> Greasemonkey mailing list
> Greasemonkey at mozdev.org
> http://mozdev.org/mailman/listinfo/greasemonkey
>


More information about the Greasemonkey mailing list