[Greasemonkey] GM_xmlhttpRequest and localhost

Bill Donnelly donnelly at snowcrest.net
Tue Jul 19 17:23:42 EDT 2005


Which is why xmlhttprequest isn't part of JS core
and they have all those "foreign domain" restrictions
(Same-Origin Policy) and the like.

Ideally, GmScripts should be just as secure as 'standard JS'
scripts, or as close as possible, using a similar security
model with similar security options like the signed scripts
and codebase principals and the
netscape.security.PrivilegeManager.enablePrivilege()
function with the UniversalBrowserRead, UniversalBrowserWrite,
_UniversalXPConnect_, UniversalPreferencesRead,
UniversalPreferencesWrite, CapabilityPreferencesAccess and
UniversalFileRead options.

btw -- Is the following a known resource?

http://wiki.mozilla.org/Mozilla2:CAPSSecurity

-- 
Jack the Ripper may have been quite insane,
but he had beautiful penmanship.
btw -- Don't look back!
The lemmings are gaining on you.


More information about the Greasemonkey mailing list