[Greasemonkey] GM_xmlhttpRequest and localhost

Godmar Back godmar at gmail.com
Tue Jul 19 16:41:48 EDT 2005


I think that would be a good idea, especially considering that few GM
scripts will need to connect to more than a small number of sites.
So require an explicit @allow-connections-to <semicolon separated list
of domains> and disallow @allow-connects-to *, but do allows things
such as "@allow-connects-to *.google.com".
When installing a script inform the user if the @allow directive is
present that this script may connect to these sites/domains and that
personal information may be leaked to those domains.

 - Godmar

On 7/19/05, Jason Diamond <jason at injektilo.org> wrote:
> Mark Pilgrim wrote:
> 
> >  On 7/19/05, Jun Yang <jyang825 at gmail.com> wrote:
> >
> > > I think the access to http://localhost is important for many
> > > wonderful possibilities. However, security concerns are also real.
> > > Can we plese do this? Some configuration is provided for user to
> > > allow only GM scripts from certainly sites to access
> > > http://localhost?
> >
> >  Please disable all access by default, then provide options to allow
> >  access to localhost (and 127.0.0.1!). Such access is only useful for
> >  script developers, who can enable it if they need it.
> >
> >  Even better, don't provide a GUI option for it, just put it in
> >  about:config (no access by default) and publish documentation on how
> >  script developers can change it. I can't see any legitimate need to
> >  bother end users with this.
> 
> I like disabling everything by default. But why not make it a per-script
> option like the @include and @exclude headers?
> 
> // ==UserScript==
> // ...
> // @allow-requests-to localhost
> // ==/UserScript==
> 
> This makes it explicit what a user script might be contacting on a
> script-by-script basis. You won't have to look through the source for
> the script to see if it's contacting anybody you don't want it to.
> 
> A "@forbid-requests-to" header probably wouldn't be necessary since
> everything would be (should be) forbidden by default. Unless, of course,
> you wanted to do something like this:
> 
> // ==UserScript==
> // ...
> // @forbid-request-to *.goatse.cx
> // @allow-requests-to *
> // ==/UserScript==
> 
> Assuming GM is fixed so that websites can't access the GM_* functions,
> why not allow scripts the use of the file scheme (as long as it's
> explicitly allowed)?
> 
> // ==UserScript==
> // ...
> // @allow-requests-to file:///home/jason/stuff/*
> // ==/UserScript==
> 
> I can imagine this being very useful for scripts that want access to
> some configuration or metadata but don't want to "hard code" that
> information in the script itself.
> 
> --
> Jason
> _______________________________________________
> Greasemonkey mailing list
> Greasemonkey at mozdev.org
> http://mozdev.org/mailman/listinfo/greasemonkey
>


More information about the Greasemonkey mailing list