[Greasemonkey] GM_xmlhttpRequest and localhost
arantius at gmail.com
Tue Jul 19 18:27:49 EDT 2005
My two cents:
Think of all the general user base spread across the world. How many
of these people are running a web server on localhost? Got to be well
well under 1%. It's almost pointless to worry about.
But, given that the case where there is one, there's a much more
significant chance of some kind of security hole because the server
assumes requests from localhost are privileged, we should do
I vote for blocking localhost and 127.*.*.* (don't remember that whole
A class resolves to localhost) by default. If it's not too much
trouble, an about:config to turn it back on for the few people who are
(or know) developers perfectly capable of it anyways.
More information about the Greasemonkey