[Greasemonkey] Greasemonkey Dict

Mark Pilgrim pilgrim at gmail.com
Thu Jul 21 12:20:36 EDT 2005


On 7/21/05, Aaron Kurtz <aaron.kurtz at gmail.com> wrote:
> Would using an extension that specifically blocks all JS save a specified
> whitelist allow us to run the older versions safely?  Assuming that we only
> allow trusted sites to run JS?

People!  This entire thread is pointless!  GM 0.3.3 and GM 0.4.0
expose *the entire contents of your hard drive* to any site you visit
on which you run *any user script* (even an entirely blank one). 
There is absolutely no one in the world I would trust that much.  No
one.  Not my wife, not my son, not my parents.  Certainly not the
owner a random IP address that a web domain happens to resolve to
today, whose identity I can't confirm without visiting the site and
exposing *the entire contents of my hard drive*.

Stop playing Whack-A-Mole.  Stop thinking like an Exchange
administrator.  ("Maybe I'll be safe if I put my Exchange server
behind a firewall and set up policies to deny .EXE attachments --
oops, I mean .EXE and .COM -- oops, I mean .EXE, .COM, and .PIF --
oops, forgot about screensavers...")  Uninstall the *horribly
dangerously unsafe* version of Greasemonkey you're running, install
Greasemonkey 0.3.5, and disable all the wonderful API-reliant user
scripts you're so attached to.  Right.  Now.

-- 
Cheers,
-Mark


More information about the Greasemonkey mailing list