[Greasemonkey] GM_xmlhttpRequest and localhost
jyang825 at gmail.com
Tue Jul 19 12:46:02 EDT 2005
I think the access to http://localhost is important for many wonderful
possibilities. However, security concerns are also real. Can we plese do
this? Some configuration is provided for user to allow only GM scripts from
certainly sites to access http://localhost?
On 7/19/05, Edward Lee <edilee at gmail.com> wrote:
> I believe the security issue is that *other* people would also
> possibly have access to your localhost which you might have intended
> to only be for yourself. If someone finds another way to take over
> GM_xmlhttprequest, they could put it on some public website and access
> your private localhost pages.
> I have pages running on localhost, but they're also accessible by my
> IP. Others have localhost set up only to let that computer access. A
> hijacked greaesmonkey would act like the user accessing from the local
> computer, but the control is actually from outside.
> Greasemonkey mailing list
> Greasemonkey at mozdev.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Greasemonkey