[Greasemonkey] GM_xmlhttpRequest and localhost

Edward Lee edilee at gmail.com
Tue Jul 19 10:58:36 EDT 2005


I believe the security issue is that *other* people would also
possibly have access to your localhost which you might have intended
to only be for yourself. If someone finds another way to take over
GM_xmlhttprequest, they could put it on some public website and access
your private localhost pages.

I have pages running on localhost, but they're also accessible by my
IP. Others have localhost set up only to let that computer access. A
hijacked greaesmonkey would act like the user accessing from the local
computer, but the control is actually from outside.

-- 
Ed


More information about the Greasemonkey mailing list