[Greasemonkey] Alternative script injection technique proof of concept

John Plsek gm at plsek.id.au
Thu Jul 21 19:37:55 EDT 2005

Aaron Boodman wrote:

>Oh, and wrt to your idea about unwatch. Content can just do:
>window.unwatch = function(){}
>So yeah. Hard :-).
Ok, thanks, you've always said there are "other ways" but never shown how it could be done ... sandbox is definitely the ONLY safe option in that case.

As far as the unwatch goes ...
If content does the above, Greasemonkey doing "delete this.contentWindow.unwatch;" just before creating GM_apis will actually restore the "native" unwatch function ... I know, I've tested it; I've even tested with content that does a window.watch("(un)watch" ... ) and tries to re-redefine watch/unwatch when it's restored by the delete ... but if it succeeds (sometimes it gets an error), it's only ever succeeded too late to watch for GM_apis.

Anyway, that discussion is a moot point; as you showed, there are other ways of getting to the good bits ;-)



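The exchange above, as an added example that is not code from the original thread or from Greasemonkey itself. It simulates in plain JavaScript (runnable under Node) what the message describes: content shadows window.unwatch with an own property, and the extension deletes that own property so the inherited "native" function becomes visible again. There is no real window.watch/unwatch here (that was a Mozilla-only API, since removed); `makeEnvironment`, `restoreNative`, `proto` and `win` are stand-ins constructed for the demonstration. Cases 2 and 3 go beyond the thread and are assumptions about how page content could override the method so that a delete no longer restores it.

```javascript
// Added example, not from the original thread or from Greasemonkey.
// `proto` stands in for the window's prototype carrying the "native" method,
// `win` for the content window. Both are constructed for this demonstration.

// Fresh stand-in environment per case so one case cannot contaminate another.
function makeEnvironment() {
  // Stand-in for the prototype carrying the "native" unwatch.
  const proto = {
    unwatch(prop) {
      return "native unwatch: " + prop;
    },
  };
  // Stand-in for the content window, inheriting unwatch from proto.
  const win = Object.create(proto);
  // Reference captured before any content runs (the extension's ground truth).
  return { proto, win, native: proto.unwatch };
}

// What the message describes: `delete this.contentWindow.unwatch;` right
// before creating GM_apis. Returns true only if the function now reachable
// through win is the saved native one.
function restoreNative(win, name, native) {
  try {
    delete win[name]; // removes an own property only; may be a no-op or throw
  } catch (e) {
    // a non-configurable own property makes delete throw under strict mode
  }
  return win[name] === native;
}

// Case 1 (the thread's case): content does `window.unwatch = function(){}`.
// The override is an own property, so delete exposes the inherited one again.
function ownPropertyOverrideIsUndone() {
  const { win, native } = makeEnvironment();
  win.unwatch = function () {};
  const shadowed = win.unwatch !== native;
  const restored = restoreNative(win, "unwatch", native);
  return { shadowed, restored }; // { shadowed: true, restored: true }
}

// Case 2 (assumption, beyond the thread): content patches the prototype
// instead of the window. delete on win removes nothing, so the override stays.
function prototypeOverrideSurvives() {
  const { proto, win, native } = makeEnvironment();
  proto.unwatch = function () {};
  const shadowed = win.unwatch !== native;
  const restored = restoreNative(win, "unwatch", native);
  return { shadowed, restored }; // { shadowed: true, restored: false }
}

// Case 3 (assumption, beyond the thread): content defines the override as a
// non-configurable own property. delete cannot remove it.
function nonConfigurableOverrideSurvives() {
  const { win, native } = makeEnvironment();
  Object.defineProperty(win, "unwatch", {
    value: function () {},
    writable: false,
    configurable: false,
  });
  const shadowed = win.unwatch !== native;
  const restored = restoreNative(win, "unwatch", native);
  return { shadowed, restored }; // { shadowed: true, restored: false }
}

// Stand-alone run (guarded so the file also loads as an ES module).
if (typeof require !== "undefined" && require.main === module) {
  console.log("own property:    ", ownPropertyOverrideIsUndone());
  console.log("prototype:       ", prototypeOverrideSurvives());
  console.log("non-configurable:", nonConfigurableOverrideSurvives());
}
```

Only case 1 matches the scenario in the message; cases 2 and 3 show why a `delete` alone is a partial measure, since content that controls the page before the extension runs can choose where and how to install its override, which is consistent with the message's own conclusion that a sandbox is the only safe option.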