[Greasemonkey] Quick fix?

comex comexk at gmail.com
Tue Jul 26 14:30:08 EDT 2005


While I may be missing out on something, as far as I can see, a secure
0.4 is in development but for now, people are encouraged to run the
neutered 0.3.5, because versions previous to that can access the local
file system and do other nasty things.

While I would rather have, of course, a secure version, I don't want
to uninstall the monkey.  And there is no confidential data in the GM
scripts I run or in http://localhost.

So, especially given the relative unpopularity of Firefox/GM, this
line makes my version of Greasemonkey (0.3.4) fairly secure as far as
I can tell.

if(!details.url.match(/^(https?|ftp):/)) return;

I don't see why something like that isn't the recommended version to run.


More information about the Greasemonkey mailing list